Windows Analysis Report
librewolf-124.0.2-1-windows-x86_64-setup.exe

Overview

General Information

Sample name: librewolf-124.0.2-1-windows-x86_64-setup.exe
Analysis ID: 1502484
MD5: a03ef6f7f1c8a1fa2d0bc9789e16fb4f
SHA1: 6f56f9bdab5dbbe11082ec0daec4738f477f5c4b
SHA256: ace3f0a2ce93c0c6bd26eb162523dc58db3f03fa394bc0704dc41fcdb2949b55
Tags: exe

Detection

Agent Tesla, AgentTesla, HTMLPhisher
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected Agent Tesla keylogger
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected BlockedWebSite
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to capture screen (.Net source)
Creates HTML files with .exe extension (expired dropper behavior)
Installs a global keyboard hook
Machine Learning detection for sample
Moves itself to temp directory
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

AV Detection

Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Avira: detected
Source: https://specialcoupons.top/inc/stealc_daval.exe Avira URL Cloud: Label: malware
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment"}
Source: specialcoupons.top Virustotal: Detection: 7%
Source: https://specialcoupons.top/inc/stealc_daval.exe Virustotal: Detection: 7%
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe ReversingLabs: Detection: 65%
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Virustotal: Detection: 56%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.0% probability
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Joe Sandbox ML: detected

Phishing

Source: Yara match File source: C:\Users\user\AppData\Local\Temp\bob.exe, type: DROPPED
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49732 version: TLS 1.0
Source: unknown HTTPS traffic detected: 172.67.157.127:443 -> 192.168.2.4:49736 version: TLS 1.0
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Local

Networking

Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File created: bob.exe.0.dr
Source: Yara match File source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE
Source: global traffic HTTP traffic detected: GET /inc/stealc_daval.exe HTTP/1.1
  Host: specialcoupons.top
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 198.185.159.177 198.185.159.177
Source: Joe Sandbox View IP Address: 158.101.44.242 158.101.44.242
Source: Joe Sandbox View ASN Name: SQUARESPACEUS SQUARESPACEUS
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown DNS query: name: checkip.dyndns.org
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
  Content-Type: application/x-www-form-urlencoded
  Host: plantain-elk-b8pt.squarespace.com
  Content-Length: 274
  Expect: 100-continue
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 314Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 590Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123818Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123846Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 125438Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 125440Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 124482Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 123806Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 320 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 123752 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 123750 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 274Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 123754
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 123750
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 123752
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 322
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 123760
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 123762
Expect: 100-continue
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49732 version: TLS 1.0
Source: unknown HTTPS traffic detected: 172.67.157.127:443 -> 192.168.2.4:49736 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49756 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49757 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49773 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49772 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49774 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49776 version: TLS 1.0
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49777 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.4:49796 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /inc/stealc_daval.exe HTTP/1.1 Host: specialcoupons.top Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: plantain-elk-b8pt.squarespace.com
Source: global traffic DNS traffic detected: DNS query: specialcoupons.top
Source: unknown HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 274 Expect: 100-continue Connection: Keep-Alive
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://DynDns.com
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://Paltalk.com
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4083918611.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://checkip.dyndns.org/E
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4083918611.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://no-ip.com
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://ocsp.digicert.com0N
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.0.dr String found in binary or memory: http://upx.sf.net
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: https://mozilla.org0/
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacd
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035B7000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034DE000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003548000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdV
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdVt
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003562000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdVv
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003548000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000355E000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdZ
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdZ?
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdZH
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdZq
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035EE000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003537000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdb
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdb1
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdbG
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdbV
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035EE000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdf
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003595000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdf)
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003526000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdfL
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdfo
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdfw
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035DD000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003595000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003526000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdj
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdjg
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035DD000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003526000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003584000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdn
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdn8
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdnQ
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdnj
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdns
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035DD000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034AB000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdr
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003584000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdrI
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003515000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdrl
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003515000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdv
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdv3
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdvR
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003573000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035CC000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003511000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034F3000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdz
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacdzq
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000035CC000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003609000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003504000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.00000000034F3000.00000004.00000800.00020000.00000000.sdmp, librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacd~
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003673000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacd~J
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000003573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacd~i
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.000000000344A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespacd~r
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4084685558.0000000002E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespace.com
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: https://specialcoupons.top/inc/stealc_daval.exe
Source: bob.exe.0.dr String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: bob.exe.0.dr String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Memory string: get_Clipboard
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Memory string: set_Sendwebcam
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Memory string: get_ComputerName
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Memory string: get_UserName
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, B.cs .Net Code: O_U
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: AgentTesla Payload Author: kevoreilly
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: librewolf-124.0.2-1-windows-x86_64-setup.exe PID: 6968, type: MEMORYSTR Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Yara match File source: Process Memory Space: librewolf-124.0.2-1-windows-x86_64-setup.exe PID: 6968, type: MEMORYSTR
Source: Yara match File source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_05AF2D92 NtQuerySystemInformation, 0_2_05AF2D92
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_05AF2D57 NtQuerySystemInformation, 0_2_05AF2D57
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: invalid certificate
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4098965601.00000000064F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameIELibrary.dll4 vs librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameIELibrary.dll4 vs librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefirefox.exe4 vs librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Binary or memory string: OriginalFilenameIELibrary.dll4 vs librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Binary or memory string: OriginalFilenamefirefox.exe4 vs librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: librewolf-124.0.2-1-windows-x86_64-setup.exe PID: 6968, type: MEMORYSTR Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, B.cs Cryptographic APIs: 'TransformFinalBlock'
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, DJW.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@2/3@3/3
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_05AF244E AdjustTokenPrivileges, 0_2_05AF244E
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_05AF2417 AdjustTokenPrivileges, 0_2_05AF2417
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File created: C:\Users\user\AppData\Roaming\ScreenShot Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Mutant created: NULL
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File created: C:\Users\user\AppData\Local\Temp\bob.exe Jump to behavior
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe ReversingLabs: Detection: 65%
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Virustotal: Detection: 56%
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File read: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: security.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dlnashext.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wpdshext.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: avicap32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: msvfw32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: ksuser.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: midimap.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: librewolf-124.0.2-1-windows-x86_64-setup.exe
Source: Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: librewolf-124.0.2-1-windows-x86_64-setup.exe

Data Obfuscation

Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, DJW.cs .Net Code: FG System.Reflection.Assembly.Load(byte[])
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe Static PE information: real checksum: 0x3898d should be: 0x4538c
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_013B0858 pushfd ; retf 0_2_013B085A
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_013B0891 pushfd ; retf 0_2_013B0892
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_064E15E2 pushad ; retf 0_2_064E15F9

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File moved: C:\Users\user\AppData\Local\Temp\tmpG152.tmp
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: librewolf-124.0.2-1-windows-x86_64-setup.exe PID: 6968, type: MEMORYSTR
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Memory allocated: 1100000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Memory allocated: 2E10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Memory allocated: 4E10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Memory allocated: 7D940000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Window / User API: threadDelayed 887
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Window / User API: threadDelayed 2063
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Window / User API: threadDelayed 4733
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Window / User API: threadDelayed 1544
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe TID: 4304 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe TID: 4304 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe TID: 4304 Thread sleep time: -887000s >= -30000s
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe TID: 4304 Thread sleep time: -2063000s >= -30000s
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe TID: 4304 Thread sleep time: -70995s >= -30000s
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_05AF6682 GetSystemInfo, 0_2_05AF6682
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Thread delayed: delay time: 60000
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Local
Source: Amcache.hve.0.dr Binary or memory string: VMware
Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.0.dr Binary or memory string: VMware, Inc.
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4097791747.0000000005C60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.0.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.0.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.0.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.0.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: librewolf-124.0.2-1-windows-x86_64-setup.exe, 00000000.00000002.4083918611.0000000000D64000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.0.dr Binary or memory string: vmci.sys
Source: Amcache.hve.0.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.0.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.0.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr Binary or memory string: VMware20,1
Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.0.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.0.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.0.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.0.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.0.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.0.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.0.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Code function: 0_2_051E1D68 LdrInitializeThunk, 0_2_051E1D68
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.0.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.0.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.0.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.0.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\Desktop\librewolf-124.0.2-1-windows-x86_64-setup.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: Yara match File source: librewolf-124.0.2-1-windows-x86_64-setup.exe, type: SAMPLE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.76af90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.766cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.librewolf-124.0.2-1-windows-x86_64-setup.exe.750000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1641710806.0000000000752000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.4084685558.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: librewolf-124.0.2-1-windows-x86_64-setup.exe PID: 6968, type: MEMORYSTR