Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
random.exe

Overview

General Information

Sample name:random.exe
Analysis ID:1596842
MD5:b986d1882535e8f044c3d091d324d2f9
SHA1:af7fd2693f6f91c6655bde5621ad293daa53bcae
SHA256:1d5f4f9082b27779f594b673840b56b01c5c925de8dac6b4a648543ddb9dd0b3
Tags:CredentialFlusherexeuser-aachum
Infos:

Detection

Credential Flusher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • random.exe (PID: 6660 cmdline: "C:\Users\user\Desktop\random.exe" MD5: B986D1882535E8F044C3D091D324D2F9)
    • taskkill.exe (PID: 6688 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5756 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5844 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6712 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4320 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 5756 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 4020 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6404 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4504 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c958a673-8d2a-4932-a065-728f92b5ad4e} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b575770310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7672 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3816 -prefMapHandle 3048 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef76444-a689-447f-b1a3-9f982a55c08d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b507bdf410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7792 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2784 -prefMapHandle 2768 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18f3a26-7389-4e0f-8ffe-2a8c2ec164cb} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b50fda6910 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: random.exe PID: 6660JoeSecurity_CredentialFlusherYara detected Credential FlusherJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: random.exeAvira: detected
    Multi AV Scanner detection for submitted file
    Source: random.exeReversingLabs: Detection: 29%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
    Machine Learning detection for sample
    Source: random.exeJoe Sandbox ML: detected
    Source: random.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49748 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49753 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49765 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49771 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49772 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49777 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.4:49778 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49776 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49782 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49783 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49860 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49861 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49862 version: TLS 1.2
    Source: Binary string: UxTheme.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rpcrt4.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WscApi.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msvcrt.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B50915A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000D.00000003.1968490925.000001B50D698000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shcore.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000D.00000003.1967933077.000001B50D971000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdbP4O source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 0000000D.00000003.1968013102.000001B50D6C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winnsi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb0 source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb@ source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: urlmon.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000D.00000003.1968539197.000001B508E32000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdbcanvas-device-reset source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdbbrowser/tabbrowser.ftl source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdbps_quad_mask_FAST_PATH source: firefox.exe, 0000000D.00000003.1968581532.000001B508D98000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdbP4O source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: win32u.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: imm32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 0000000D.00000003.1968581532.000001B508D98000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nsi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968539197.000001B508E32000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdbP4O source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: winmm.pdb source: firefox.exe, 0000000D.00000003.1963528343.000001B50834E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb@ source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E42000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ole32.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: combase.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 0000000D.00000003.1968013102.000001B50D6C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nss3.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0025DBBE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002668EE FindFirstFileW,FindClose,0_2_002668EE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0026698F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D076
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D3A9
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00269642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00269642
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0026979D
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00269B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00269B2B
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00265C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00265C97
    Source: firefox.exeMemory has grown: Private usage: 1MB later: 214MB
    Source: unknownNetwork traffic detected: DNS query count 33
    Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox ViewIP Address: 151.101.65.91 151.101.65.91
    Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0026CE44
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1923301495.000001B57FD71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1923301495.000001B57FD71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1920957112.000001B508F97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949446880.000001B57FD8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1953303570.000001B50DFE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937661578.000001B5072E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933214080.000001B50DFE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000010.00000002.2954495285.000001E5CC30A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD660C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000010.00000002.2954495285.000001E5CC30A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD660C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000010.00000002.2954495285.000001E5CC30A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD660C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953303570.000001B50DFE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937661578.000001B5072E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1810376032.000001B5072F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: shavar.prod.mozaws.net
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: a19.dscg10.akamai.net
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000D.00000003.1948261329.000001B505285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000D.00000003.1948261329.000001B505285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D9B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D9B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000D.00000003.1749006417.000001B57E726000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
    Source: firefox.exe, 0000000D.00000003.1966861203.000001B57E761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949856491.000001B57E75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748914353.000001B57E762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
    Source: firefox.exe, 0000000D.00000003.1749006417.000001B57E726000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
    Source: firefox.exe, 0000000D.00000003.1966861203.000001B57E761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949856491.000001B57E75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748914353.000001B57E762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
    Source: firefox.exe, 0000000D.00000003.1749006417.000001B57E726000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000D.00000003.1879515271.000001B508FE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000D.00000003.1801296687.000001B508D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830351136.000001B5061C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1817540654.000001B506AB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867255987.000001B506AB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1934294138.000001B50DA2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506882000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912562051.000001B505AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917442328.000001B506876000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865065184.000001B5062C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1796816627.000001B50DCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1817540654.000001B506AB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1881959658.000001B50DCB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1801296687.000001B508D60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1963435108.000001B508356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830351136.000001B5061CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813334452.000001B506824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912562051.000001B505ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797089741.000001B50DCB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1969499749.000001B508331000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917336508.000001B506890000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000D.00000003.1948261329.000001B505285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.thawte.com0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1960990290.000001B57FD9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950795205.000001B50F0F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1799882839.000001B50F0E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947651622.000001B57FD9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930249642.000001B50F0F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: firefox.exe, 00000010.00000003.1798783852.000001E5CCA6D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1797046953.000001E5CCA6D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2959783755.000001E5CCA6D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1801270958.000001E5CCA6D000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.13.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000D.00000003.1809640666.000001B508158000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000D.00000003.1809640666.000001B508158000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000D.00000003.1926476126.000001B57FD48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000D.00000003.1940254403.000001B50FD51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950464167.000001B50FD51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971635919.000001B50FD56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000D.00000003.1826136420.000001B506BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902812671.000001B506D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1872090740.000001B506BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873833283.000001B506B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1824979374.000001B506B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1821633234.000001B506D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901150600.000001B506B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873833283.000001B506BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874421699.000001B506D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820239327.000001B506D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1872090740.000001B506B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903485090.000001B506D9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820158826.000001B506BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864672521.000001B506D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1829423448.000001B506BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1826243961.000001B506B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823346633.000001B506B76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000D.00000003.1963872952.000001B57FD10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.1810376032.000001B5072F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000D.00000003.1797878360.000001B50DEFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000D.00000003.1808425422.000001B5064B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000D.00000003.1809548745.000001B50D9A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967933077.000001B50D971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B51156D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965200736.000001B511572000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B511590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866745974.000001B50616F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866912877.000001B506164000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866745974.000001B50616F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1801206138.000001B50D7EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1967678407.000001B50DAD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1955771049.000001B50D7EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1925558802.000001B509205000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902137908.000001B506A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972987375.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921507981.000001B505899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1868265505.000001B50EAA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931486671.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951659576.000001B50E343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930534105.000001B50EC29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
    Source: firefox.exe, 0000000D.00000003.1917336508.000001B506889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
    Source: firefox.exe, 0000000D.00000003.1957373650.000001B5091F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD6613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1804423988.000001B50669E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
    Source: firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000D.00000003.1957373650.000001B5091F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD6613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC32F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD6630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000D.00000003.1933832452.000001B50DA5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000D.00000003.1881959658.000001B50DCB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797089741.000001B50DCB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1796816627.000001B50DC8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000D.00000003.1881959658.000001B50DCB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797089741.000001B50DCB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1796816627.000001B50DC8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.1939922775.000001B50FE0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
    Source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000D.00000003.1902137908.000001B506A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921507981.000001B505899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1943232945.000001B5058CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1863696617.000001B50EAFB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.13.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000D.00000003.1929001750.000001B51095A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970738768.000001B51096B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD66F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000D.00000003.1950174534.000001B50FDAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/fd3b4080-017f-4247-a10e-75300
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953830726.000001B50DD79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000D.00000003.1808425422.000001B5064CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1808425422.000001B5064CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000D.00000003.1812796070.000001B506964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890143554.000001B50694C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.li
    Source: firefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000D.00000003.1927766704.000001B51156D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925558802.000001B509205000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902137908.000001B506A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1965200736.000001B511572000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921507981.000001B505899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1868265505.000001B50EAA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931486671.000001B50E343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000010.00000002.2954495285.000001E5CC386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD668F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000D.00000003.1965245480.000001B511551000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000D.00000003.1932832613.000001B50E325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1917336508.000001B506889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000D.00000003.1971993100.000001B50E35F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931486671.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951659576.000001B50E343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1971014383.000001B510918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1968490925.000001B50D698000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932832613.000001B50E325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1808425422.000001B5064CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000D.00000003.1934611094.000001B50D9FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD6613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000D.00000003.1934611094.000001B50D9FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2960057543.000001E5CCF08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD66F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000D.00000003.1810376032.000001B5072F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F06B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953830726.000001B50DD79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
    Source: firefox.exe, 0000000D.00000003.1880094743.000001B5082B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000D.00000003.1968677486.000001B508D8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1801296687.000001B508D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.1926753912.000001B57F08D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971687529.000001B50F0AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000D.00000003.1797878360.000001B50DEFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955771049.000001B50D7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935551099.000001B50D7B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1815198513.000001B5069CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808425422.000001B50645F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B50657E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 0000000D.00000003.1926476126.000001B57FD4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.1935147535.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1809548745.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DDB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000D.00000003.1962380805.000001B50F057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DDB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DDB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000D.00000003.1808967052.000001B50DDB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000D.00000003.1807852510.000001B506577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926379700.000001B57FD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1969816595.000001B507DC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 0000000D.00000003.1804423988.000001B50669E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1938776033.000001B511590000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967206681.000001B5115C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1964923033.000001B51159E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1927766704.000001B511590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDB4000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1933525841.000001B50DFA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808425422.000001B5064A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000010.00000002.2954495285.000001E5CC3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD66F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1949611376.000001B57FD2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1966900605.000001B57E75E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748943305.000001B57E75F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949856491.000001B57E75C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/O
    Source: firefox.exe, 00000014.00000002.2952868840.000002DDD66F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/T
    Source: firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/US
    Source: firefox.exe, 0000000D.00000003.1954418239.000001B50DA86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933832452.000001B50DA86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000D.00000003.1933525841.000001B50DFA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950294285.000001B50FD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.1955771049.000001B50D7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935551099.000001B50D7B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000D.00000003.1748140918.000001B57E8C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
    Source: firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1920957112.000001B508F97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000D.00000003.1812796070.000001B506964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890143554.000001B50694C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
    Source: firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC30A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD660C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1955771049.000001B50D7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935551099.000001B50D7B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000D.00000003.1950959404.000001B50EC29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930534105.000001B50EC29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000D.00000003.1968490925.000001B50D698000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000010.00000002.2953849232.000001E5CC2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 00000014.00000002.2957457183.000002DDD67E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigdG
    Source: firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901018840.000001B506DAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2951399418.0000022AB6F40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2952702243.0000022AB7004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2951399418.0000022AB6F4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2953849232.000001E5CC2B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2950015081.000001E5CBF3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2950015081.000001E5CBF30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2951231133.000002DDD6460000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2957457183.000002DDD67E4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2951231133.000002DDD646A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000B.00000002.1732036435.000002AA05C90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1745524066.000001A6717A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000000F.00000002.2951399418.0000022AB6F40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2952702243.0000022AB7004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2953849232.000001E5CC2B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2950015081.000001E5CBF30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2951231133.000002DDD6460000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2957457183.000002DDD67E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49748 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49753 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49765 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49771 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49772 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49777 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.4:49778 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49776 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49782 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49783 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49860 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49861 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49862 version: TLS 1.2
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0026EAFF
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0026ED6A
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0026EAFF
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0025AA57
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00289576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00289576

    System Summary

    barindex
    Binary is likely a compiled AutoIt script file
    Source: random.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: random.exe, 00000000.00000002.1774769294.00000000002B2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_5a0ab540-7
    Source: random.exe, 00000000.00000002.1774769294.00000000002B2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_56af3f4b-c
    Source: random.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_1630f60c-9
    Source: random.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_ea5b66c1-4
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC2721F2 NtQuerySystemInformation,16_2_000001E5CC2721F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC279277 NtQuerySystemInformation,16_2_000001E5CC279277
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0025D5EB
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00251201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00251201
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0025E8F6
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001FBF400_2_001FBF40
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002620460_2_00262046
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F80600_2_001F8060
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002582980_2_00258298
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0022E4FF0_2_0022E4FF
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0022676B0_2_0022676B
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002848730_2_00284873
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0021CAA00_2_0021CAA0
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001FCAF00_2_001FCAF0
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0020CC390_2_0020CC39
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00226DD90_2_00226DD9
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0020B1190_2_0020B119
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F91C00_2_001F91C0
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002113940_2_00211394
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002117060_2_00211706
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0021781B0_2_0021781B
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F79200_2_001F7920
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0020997D0_2_0020997D
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002119B00_2_002119B0
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00217A4A0_2_00217A4A
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00211C770_2_00211C77
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00217CA70_2_00217CA7
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0027BE440_2_0027BE44
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00229EEE0_2_00229EEE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00211F320_2_00211F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC2721F216_2_000001E5CC2721F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC27927716_2_000001E5CC279277
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC27223216_2_000001E5CC272232
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC27291C16_2_000001E5CC27291C
    Source: C:\Users\user\Desktop\random.exeCode function: String function: 00210A30 appears 46 times
    Source: C:\Users\user\Desktop\random.exeCode function: String function: 0020F9F2 appears 31 times
    Source: random.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal80.troj.evad.winEXE@34/34@69/13
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002637B5 GetLastError,FormatMessageW,0_2_002637B5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002510BF AdjustTokenPrivileges,CloseHandle,0_2_002510BF
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_002516C3
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_002651CD
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0025D4DC
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0026648E
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_001F42A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246Jump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2720:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4320:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1440:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
    Source: random.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
    Source: C:\Users\user\Desktop\random.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: random.exeReversingLabs: Detection: 29%
    Source: unknownProcess created: C:\Users\user\Desktop\random.exe "C:\Users\user\Desktop\random.exe"
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c958a673-8d2a-4932-a065-728f92b5ad4e} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b575770310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3816 -prefMapHandle 3048 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef76444-a689-447f-b1a3-9f982a55c08d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b507bdf410 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2784 -prefMapHandle 2768 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18f3a26-7389-4e0f-8ffe-2a8c2ec164cb} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b50fda6910 utility
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c958a673-8d2a-4932-a065-728f92b5ad4e} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b575770310 socketJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3816 -prefMapHandle 3048 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef76444-a689-447f-b1a3-9f982a55c08d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b507bdf410 rddJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2784 -prefMapHandle 2768 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18f3a26-7389-4e0f-8ffe-2a8c2ec164cb} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b50fda6910 utilityJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: UxTheme.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rpcrt4.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WscApi.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msvcrt.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B50915A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000D.00000003.1968490925.000001B50D698000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shcore.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000D.00000003.1967933077.000001B50D971000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdbP4O source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 0000000D.00000003.1968013102.000001B50D6C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winnsi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb0 source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb@ source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: urlmon.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000D.00000003.1968539197.000001B508E32000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdbcanvas-device-reset source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdbbrowser/tabbrowser.ftl source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdbps_quad_mask_FAST_PATH source: firefox.exe, 0000000D.00000003.1968581532.000001B508D98000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdbP4O source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: win32u.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D742000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: imm32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 0000000D.00000003.1968581532.000001B508D98000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nsi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968539197.000001B508E32000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdbP4O source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: winmm.pdb source: firefox.exe, 0000000D.00000003.1963528343.000001B50834E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb@ source: firefox.exe, 0000000D.00000003.1956339249.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935887156.000001B50D7AE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E42000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 0000000D.00000003.1957373650.000001B5091A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ole32.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 0000000D.00000003.1957755236.000001B508E62000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: combase.pdb source: firefox.exe, 0000000D.00000003.1937433712.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1959544276.000001B507CA2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 0000000D.00000003.1968013102.000001B50D6C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nss3.pdb source: firefox.exe, 0000000D.00000003.1959544276.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970424570.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937433712.000001B507CD8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000D.00000003.1967845786.000001B50D97D000.00000004.00000800.00020000.00000000.sdmp
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
    Source: gmpopenh264.dll.tmp.13.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00210A76 push ecx; ret 0_2_00210A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0020F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0020F98E
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00281C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00281C41
    Source: C:\Users\user\Desktop\random.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Found API chain indicative of sandbox detection
    Source: C:\Users\user\Desktop\random.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-95524
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC2721F2 rdtsc 16_2_000001E5CC2721F2
    Source: C:\Users\user\Desktop\random.exeAPI coverage: 3.9 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0025DBBE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002668EE FindFirstFileW,FindClose,0_2_002668EE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0026698F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D076
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D3A9
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00269642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00269642
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0026979D
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00269B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00269B2B
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00265C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00265C97
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
    Source: firefox.exe, 0000000F.00000002.2959231597.0000022AB7840000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWv8
    Source: firefox.exe, 0000000F.00000002.2959231597.0000022AB7840000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6:
    Source: firefox.exe, 00000014.00000002.2957949214.000002DDD67F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW-
    Source: firefox.exe, 0000000F.00000002.2951399418.0000022AB6F4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2950015081.000001E5CBF3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2958201246.000001E5CC863000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2951231133.000002DDD646A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000D.00000003.1748140918.000001B57E8C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2957990489.0000022AB741E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: random.exe, 00000000.00000003.1774130092.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1773995781.0000000001587000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1773037003.0000000001587000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1773219070.0000000001587000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1773496947.0000000001587000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1774496006.00000000015B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: firefox.exe, 00000010.00000002.2958201246.000001E5CC863000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllnk
    Source: random.exe, 00000000.00000003.1774582592.0000000001796000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1761271298.0000000001796000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1777790923.0000000001796000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllcA
    Source: firefox.exe, 0000000F.00000002.2959231597.0000022AB7840000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWV9
    Source: random.exe, 00000000.00000003.1774582592.0000000001796000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1761271298.0000000001796000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1777790923.0000000001796000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2951399418.0000022AB6F4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2958201246.000001E5CC863000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 0000000F.00000002.2951399418.0000022AB6F4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWc
    Source: C:\Users\user\Desktop\random.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E5CC2721F2 rdtsc 16_2_000001E5CC2721F2
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026EAA2 BlockInput,0_2_0026EAA2
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00222622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00222622
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00214CE8 mov eax, dword ptr fs:[00000030h]0_2_00214CE8
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00250B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00250B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00222622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00222622
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0021083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0021083F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002109D5 SetUnhandledExceptionFilter,0_2_002109D5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00210C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00210C21
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00251201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00251201
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00232BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00232BA5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025B226 SendInput,keybd_event,0_2_0025B226
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_002722DA
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00250B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00250B62
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00251663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00251663
    Source: random.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: random.exeBinary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000D.00000003.1941918616.000001B50F401000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00210698 cpuid 0_2_00210698
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0024D21C GetLocalTime,0_2_0024D21C
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0024D27A GetUserNameW,0_2_0024D27A
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0022BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0022BB6F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE

    Stealing of Sensitive Information

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: random.exe PID: 6660, type: MEMORYSTR
    Source: random.exeBinary or memory string: WIN_81
    Source: random.exeBinary or memory string: WIN_XP
    Source: random.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: random.exeBinary or memory string: WIN_XPe
    Source: random.exeBinary or memory string: WIN_VISTA
    Source: random.exeBinary or memory string: WIN_7
    Source: random.exeBinary or memory string: WIN_8

    Remote Access Functionality

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: random.exe PID: 6660, type: MEMORYSTR
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00271204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00271204
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00271806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00271806

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure2
    Valid Accounts    		1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		1
    Exploitation for Privilege Escalation    		2
    Disable or Modify Tools    		21
    Input Capture    		2
    System Time Discovery    		Remote Services1
    Archive Collected Data    		2
    Ingress Tool Transfer    		Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault Accounts1
    Native API    		2
    Valid Accounts    		1
    DLL Side-Loading    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory1
    Account Discovery    		Remote Desktop Protocol21
    Input Capture    		12
    Encrypted Channel    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    Extra Window Memory Injection    		2
    Obfuscated Files or Information    		Security Account Manager2
    File and Directory Discovery    		SMB/Windows Admin Shares3
    Clipboard Data    		2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
    Valid Accounts    		1
    DLL Side-Loading    		NTDS16
    System Information Discovery    		Distributed Component Object ModelInput Capture3
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
    Access Token Manipulation    		1
    Extra Window Memory Injection    		LSA Secrets131
    Security Software Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts2
    Process Injection    		1
    Masquerading    		Cached Domain Credentials1
    Virtualization/Sandbox Evasion    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
    Valid Accounts    		DCSync3
    Process Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Virtualization/Sandbox Evasion    		Proc Filesystem1
    Application Window Discovery    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
    Access Token Manipulation    		/etc/passwd and /etc/shadow1
    System Owner/User Discovery    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
    Process Injection    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1596842 Sample: random.exe Startdate: 22/01/2025 Architecture: WINDOWS Score: 80 45 youtube.com 2->45 47 youtube-ui.l.google.com 2->47 49 37 other IPs or domains 2->49 57 Antivirus / Scanner detection for submitted sample 2->57 59 Multi AV Scanner detection for submitted file 2->59 61 Yara detected Credential Flusher 2->61 63 3 other signatures 2->63 8 random.exe 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 signatures5 65 Binary is likely a compiled AutoIt script file 8->65 67 Found API chain indicative of sandbox detection 8->67 13 taskkill.exe 1 8->13         started        15 taskkill.exe 1 8->15         started        17 taskkill.exe 1 8->17         started        23 3 other processes 8->23 19 firefox.exe 3 212 11->19         started        process6 dnsIp7 25 conhost.exe 13->25         started        27 conhost.exe 15->27         started        29 conhost.exe 17->29         started        51 youtube.com 142.250.185.174, 443, 49739, 49740 GOOGLEUS United States 19->51 53 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49741, 49749, 49751 GOOGLEUS United States 19->53 55 12 other IPs or domains 19->55 41 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->41 dropped 43 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->43 dropped 31 firefox.exe 1 19->31         started        33 firefox.exe 1 19->33         started        35 firefox.exe 1 19->35         started        37 conhost.exe 23->37         started        39 conhost.exe 23->39         started        file8 process9

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    random.exe30%ReversingLabsWin32.Trojan.AutoitInject
    random.exe100%AviraTR/ATRAPS.Gen
    random.exe100%Joe Sandbox ML

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://login.li0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    example.org
    		96.7.128.186
    		truefalse
      		high
      star-mini.c10r.facebook.com
      		157.240.253.35
      		truefalse
        		high
        prod.classify-client.prod.webservices.mozgcp.net
        		35.190.72.216
        		truefalse
          		high
          prod.balrog.prod.cloudops.mozgcp.net
          		35.244.181.201
          		truefalse
            		high
            twitter.com
            		104.244.42.65
            		truefalse
              		high
              prod.detectportal.prod.cloudops.mozgcp.net
              		34.107.221.82
              		truefalse
                		high
                shavar.prod.mozaws.net
                		34.211.125.135
                		truefalse
                  		high
                  services.addons.mozilla.org
                  		151.101.65.91
                  		truefalse
                    		high
                    dyna.wikimedia.org
                    		185.15.59.224
                    		truefalse
                      		high
                      prod.remote-settings.prod.webservices.mozgcp.net
                      		34.149.100.209
                      		truefalse
                        		high
                        contile.services.mozilla.com
                        		34.117.188.166
                        		truefalse
                          		high
                          youtube.com
                          		142.250.185.174
                          		truefalse
                            		high
                            prod.content-signature-chains.prod.webservices.mozgcp.net
                            		34.160.144.191
                            		truefalse
                              		high
                              a19.dscg10.akamai.net
                              		2.22.61.59
                              		truefalse
                                		high
                                youtube-ui.l.google.com
                                		142.250.185.238
                                		truefalse
                                  		high
                                  us-west1.prod.sumo.prod.webservices.mozgcp.net
                                  		34.149.128.2
                                  		truefalse
                                    		high
                                    reddit.map.fastly.net
                                    		151.101.193.140
                                    		truefalse
                                      		high
                                      ipv4only.arpa
                                      		192.0.0.171
                                      		truefalse
                                        		high
                                        prod.ads.prod.webservices.mozgcp.net
                                        		34.117.188.166
                                        		truefalse
                                          		high
                                          push.services.mozilla.com
                                          		34.107.243.93
                                          		truefalse
                                            		high
                                            normandy-cdn.services.mozilla.com
                                            		35.201.103.21
                                            		truefalse
                                              		high
                                              telemetry-incoming.r53-2.services.mozilla.com
                                              		34.120.208.123
                                              		truefalse
                                                		high
                                                www.reddit.com
                                                		unknown
                                                		unknownfalse
                                                  		high
                                                  spocs.getpocket.com
                                                  		unknown
                                                  		unknownfalse
                                                    		high
                                                    content-signature-2.cdn.mozilla.net
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      support.mozilla.org
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        firefox.settings.services.mozilla.com
                                                        		unknown
                                                        		unknownfalse
                                                          		high
                                                          www.youtube.com
                                                          		unknown
                                                          		unknownfalse
                                                            		high
                                                            www.facebook.com
                                                            		unknown
                                                            		unknownfalse
                                                              		high
                                                              detectportal.firefox.com
                                                              		unknown
                                                              		unknownfalse
                                                                		high
                                                                normandy.cdn.mozilla.net
                                                                		unknown
                                                                		unknownfalse
                                                                  		high
                                                                  shavar.services.mozilla.com
                                                                  		unknown
                                                                  		unknownfalse
                                                                    		high
                                                                    www.wikipedia.org
                                                                    		unknown
                                                                    		unknownfalse
                                                                      		high

                                                                      URLs from Memory and Binaries

                                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                            		high
                                                                            https://datastudio.google.com/embed/reporting/firefox.exe, 0000000D.00000003.1925558802.000001B509205000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902137908.000001B506A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972987375.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921507981.000001B505899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1868265505.000001B50EAA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931486671.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951659576.000001B50E343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.mozilla.com0gmpopenh264.dll.tmp.13.drfalse
                                                                                		high
                                                                                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                  		high
                                                                                  https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecyclfirefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000010.00000002.2954495285.000001E5CC386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD668F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://json-schema.org/draft/2019-09/schema.firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.leboncoin.fr/firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://spocs.getpocket.com/spocsfirefox.exe, 0000000D.00000003.1934611094.000001B50D9FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozillfirefox.exe, 0000000D.00000003.1807852510.000001B50657E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://shavar.services.mozilla.comfirefox.exe, 0000000D.00000003.1971993100.000001B50E35F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931486671.000001B50E343000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951659576.000001B50E343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://completion.amazon.com/search/complete?q=firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000D.00000003.1810376032.000001B5072F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000D.00000003.1929389276.000001B50FDCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://monitor.firefox.com/breach-details/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000D.00000003.1950959404.000001B50EC29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930534105.000001B50EC29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000D.00000003.1815198513.000001B5069CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808425422.000001B50645F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://www.msn.comfirefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000D.00000003.1752389908.000001B505400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752726357.000001B50563C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752571186.000001B50561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752871459.000001B50565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753066650.000001B505677000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://exslt.org/setsfirefox.exe, 0000000D.00000003.1749006417.000001B57E726000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://youtube.com/firefox.exe, 0000000D.00000003.1968490925.000001B50D698000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957158325.000001B50D728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1936294192.000001B50D728000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000D.00000003.1807852510.000001B50655E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                        		high
                                                                                                                                        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://api.accounts.firefox.com/v1firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://login.lifirefox.exe, 0000000D.00000003.1812796070.000001B506964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890143554.000001B50694C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              http://exslt.org/commonfirefox.exe, 0000000D.00000003.1749006417.000001B57E726000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://www.amazon.com/firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://fpn.firefox.comfirefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://exslt.org/dates-and-timesfirefox.exe, 0000000D.00000003.1966861203.000001B57E761000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949856491.000001B57E75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748914353.000001B57E762000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 0000000D.00000003.1949701136.000001B57E7B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2954196743.0000022AB73CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2958245293.000002DDD6903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://www.youtube.com/firefox.exe, 0000000D.00000003.1806435286.000001B50DFB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955517175.000001B50D991000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC30A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD660C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://MD8.mozilla.org/1/mfirefox.exe, 0000000D.00000003.1926476126.000001B57FD48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://www.bbc.co.uk/firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000D.00000003.1927766704.000001B5115EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000014.00000002.2952868840.000002DDD66C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://127.0.0.1:firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1917336508.000001B506889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506887000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://bugzilla.mofirefox.exe, 0000000D.00000003.1927766704.000001B511590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://amazon.comfirefox.exe, 0000000D.00000003.1923301495.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800470918.000001B57FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1798825260.000001B57FD95000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000D.00000003.1807852510.000001B506595000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.1971014383.000001B510918000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://spocs.getpocket.com/firefox.exe, 0000000D.00000003.1934611094.000001B50D9FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2954495285.000001E5CC312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2952868840.000002DDD6613000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1953830726.000001B50DD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1936294192.000001B50D742000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://www.tsn.cafirefox.exe, 0000000D.00000003.1812796070.000001B506964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1890143554.000001B50694C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1801296687.000001B508D42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830351136.000001B5061C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1817540654.000001B506AB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867255987.000001B506AB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1934294138.000001B50DA2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506882000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912562051.000001B505AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917442328.000001B506876000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865065184.000001B5062C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1796816627.000001B50DCB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1817540654.000001B506AB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1881959658.000001B50DCB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1801296687.000001B508D60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1963435108.000001B508356000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830351136.000001B5061CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813334452.000001B506824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912562051.000001B505ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797089741.000001B50DCB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1969499749.000001B508331000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944204917.000001B506887000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917336508.000001B506890000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://www.openh264.org/firefox.exe, 0000000D.00000003.1748140918.000001B57E8C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1801296687.000001B508D37000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://www.zhihu.com/firefox.exe, 0000000D.00000003.1955771049.000001B50D7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935551099.000001B50D7B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1809640666.000001B508158000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1809640666.000001B508158000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                  http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000D.00000003.1969816595.000001B507DDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                    https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1883033454.000001B50DC35000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                      https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                        https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000D.00000003.1808967052.000001B50DD78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953830726.000001B50DD79000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                          http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000D.00000003.1950959404.000001B50EC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926753912.000001B57F02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1747628998.000001B57F013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                                            https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000D.00000003.1808967052.000001B50DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                                              https://profiler.firefox.comfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                                https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                                    https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.2953232057.0000022AB7010000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2952127858.000001E5CC200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2957202462.000002DDD6700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                                      https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000D.00000003.1968677486.000001B508D8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1801296687.000001B508D8B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1868123466.000001B506231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866197823.000001B50617D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                                          https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1755537770.000001B502C25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755779546.000001B502C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754674295.000001B502C33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            		high

                                                                                                                                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                                                                                                                            Public IPs

                                                                                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                                            34.149.100.209
                                                                                                                                                                                                                                                                            		prod.remote-settings.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                            		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                            34.107.243.93
                                                                                                                                                                                                                                                                            		push.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            151.101.65.91
                                                                                                                                                                                                                                                                            		services.addons.mozilla.orgUnited States
                                                                                                                                                                                                                                                                            		54113FASTLYUSfalse
                                                                                                                                                                                                                                                                            34.107.221.82
                                                                                                                                                                                                                                                                            		prod.detectportal.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            35.244.181.201
                                                                                                                                                                                                                                                                            		prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            34.117.188.166
                                                                                                                                                                                                                                                                            		contile.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                            		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                            142.250.185.174
                                                                                                                                                                                                                                                                            		youtube.comUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            34.211.125.135
                                                                                                                                                                                                                                                                            		shavar.prod.mozaws.netUnited States
                                                                                                                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                            35.201.103.21
                                                                                                                                                                                                                                                                            		normandy-cdn.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            35.190.72.216
                                                                                                                                                                                                                                                                            		prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            34.160.144.191
                                                                                                                                                                                                                                                                            		prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                            		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                            34.120.208.123
                                                                                                                                                                                                                                                                            		telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                            		15169GOOGLEUSfalse

                                                                                                                                                                                                                                                                            Private

                                                                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                                                                            127.0.0.1

                                                                                                                                                                                                                                                                            General Information

                                                                                                                                                                                                                                                                            Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                                                                            Analysis ID:1596842
                                                                                                                                                                                                                                                                            Start date and time:2025-01-22 15:32:26 +01:00
                                                                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                            Overall analysis duration:0h 7m 8s
                                                                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                            Number of analysed new started processes analysed:22
                                                                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                            Sample name:random.exe
                                                                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                                                                            Classification:mal80.troj.evad.winEXE@34/34@69/13
                                                                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                                                                            • Successful, ratio: 50%
                                                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                                                            • Successful, ratio: 97%
                                                                                                                                                                                                                                                                            • Number of executed functions: 50
                                                                                                                                                                                                                                                                            • Number of non-executed functions: 291
                                                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                                                            • Found application associated with file extension: .exe

                                                                                                                                                                                                                                                                            Warnings

                                                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 142.250.185.238, 2.22.61.59, 142.250.184.206, 142.250.186.142, 216.58.212.170, 142.250.186.138, 2.19.106.160, 20.109.210.53, 13.107.253.45
                                                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ciscobinary.openh264.org, ocsp.digicert.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, safebrowsing.googleapis.com, aus5.mozilla.org, location.services.mozilla.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                                                                                            Simulations

                                                                                                                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                                                                                                                            09:33:36API Interceptor1x Sleep call for process: firefox.exe modified

                                                                                                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                                                                                                            IPs

                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                            34.117.188.166random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                  random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                    MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                34.211.125.135MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  34.149.100.209random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                    random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                      MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                        MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                            qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                  GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                    GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                      151.101.65.91random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                        GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                            ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse

                                                                                                                                                                                                                                                                                                                                          Domains

                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                          example.orgrandom.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 23.215.0.133
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.186
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 23.215.0.132
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 23.215.0.132
                                                                                                                                                                                                                                                                                                                                          MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.192
                                                                                                                                                                                                                                                                                                                                          MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.186
                                                                                                                                                                                                                                                                                                                                          mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.192
                                                                                                                                                                                                                                                                                                                                          qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.186
                                                                                                                                                                                                                                                                                                                                          BingWallpaper.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.192
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 96.7.128.192
                                                                                                                                                                                                                                                                                                                                          twitter.comrandom.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                          MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                          MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                          shavar.prod.mozaws.netrandom.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.101.148
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.101.148
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.101.148
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.101.148
                                                                                                                                                                                                                                                                                                                                          MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.125.135
                                                                                                                                                                                                                                                                                                                                          MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 44.233.129.8
                                                                                                                                                                                                                                                                                                                                          mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 44.233.129.8
                                                                                                                                                                                                                                                                                                                                          qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.125.135
                                                                                                                                                                                                                                                                                                                                          BingWallpaper.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.101.148
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.211.125.135
                                                                                                                                                                                                                                                                                                                                          star-mini.c10r.facebook.comrandom.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                          https://flugger.plGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                          http://webflow.ioGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                          https://dnl.hb-fein.de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                          https://thomasaltmnn.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                          https://rakshit099-g.github.io/PROJECT_WORKS/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                          https://link.space/@DeskserviceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                          https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                          https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 157.240.253.35

                                                                                                                                                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                          GOOGLE-AS-APGoogleAsiaPacificPteLtdSGrandom.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                          http://www.sterne-shop.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                          http://www.sterne-shop.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.77.79
                                                                                                                                                                                                                                                                                                                                          VQdUvAQ4xO.exeGet hashmaliciousDCRat, PureLog Stealer, ReverseShell, zgRATBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                          http://telegrauml.work/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                          http://telegrems.fit/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                          MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                          FASTLYUSrandom.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                          https://tech-doctors.net/netf/NTXUPDATEDGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                                                                                                                                                          https://rbslocadora.com.br/modules/aggregator/red.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                          https://flugger.plGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.64.84
                                                                                                                                                                                                                                                                                                                                          http://webflow.ioGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.2.132
                                                                                                                                                                                                                                                                                                                                          https://app.dam.penzle.com/asset/c9b1ca84-2e6e-4091-8dd7-8eea9a901c0b--105887785658629571096-0797a88c-6d4b-41ed-9b50-9a993107fca0--34868474-c76c-4769-aa1a-4fb9218cd274Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                          https://steursinnovatingforthefuture.freshdesk.com/support/solutions/articles/203000017909-steurs-innovating-for-the-futureGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                          ATT-897850.htmGet hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                          AMAZON-02USattached PO.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                                                                                                                                                          https://flugger.plGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 13.35.58.9
                                                                                                                                                                                                                                                                                                                                          http://webflow.ioGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 108.138.26.97
                                                                                                                                                                                                                                                                                                                                          https://mailzim-0fb4f9.webflow.io/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 18.244.20.221
                                                                                                                                                                                                                                                                                                                                          http://www.sterne-shop.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.247.128.143
                                                                                                                                                                                                                                                                                                                                          http://www.sterne-shop.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.252.167.64
                                                                                                                                                                                                                                                                                                                                          https://www.mathemise.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 3.78.6.236
                                                                                                                                                                                                                                                                                                                                          https://steursinnovatingforthefuture.freshdesk.com/support/solutions/articles/203000017909-steurs-innovating-for-the-futureGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 3.5.138.151
                                                                                                                                                                                                                                                                                                                                          http://whatsappweb.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 18.158.3.25
                                                                                                                                                                                                                                                                                                                                          https://norpor.shop/riiw2-1.mp4Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 54.154.60.209
                                                                                                                                                                                                                                                                                                                                          ATGS-MMD-ASUSsetups.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.133.74.21
                                                                                                                                                                                                                                                                                                                                          http://webflow.ioGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.128.128.0
                                                                                                                                                                                                                                                                                                                                          setups.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.133.74.21
                                                                                                                                                                                                                                                                                                                                          http://www.sterne-shop.deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.149.254.14
                                                                                                                                                                                                                                                                                                                                          arm7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 57.180.175.94
                                                                                                                                                                                                                                                                                                                                          armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.184.36.220
                                                                                                                                                                                                                                                                                                                                          jhdfer3s_jh3de.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.160.111.145
                                                                                                                                                                                                                                                                                                                                          jhdfer3s_jh3de.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.160.111.145
                                                                                                                                                                                                                                                                                                                                          x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                          • 34.151.214.54
                                                                                                                                                                                                                                                                                                                                          87.121.79.19-mips-2025-01-22T04_20_52.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                                          • 32.115.128.83

                                                                                                                                                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                          fb0aa01abe9d8e4037eb3473ca6e2dcarandom.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousAmadey, Babadeda, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                          GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123

                                                                                                                                                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                              MAIN.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  mscoree.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                    qOH6oNqqoi.ps1Get hashmaliciousPureCrypter, AmadeyBrowse
                                                                                                                                                                                                                                                                                                                                                      random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            GbpfWtymAP.exeGet hashmaliciousCredential FlusherBrowse

                                                                                                                                                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_469d2ee9-b6b5-412f-b851-c214e004b99c.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.181465995377727
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:1jMXjfotbhbVbTbfbRbObtbyEl7nErRJA6WnSrDtTUd/SkDrt:1YktNhnzFSJkrMBnSrDhUd//
                                                                                                                                                                                                                                                                                                                                                              MD5:7B77D49B70FC0A99882602DA0E10AF60
                                                                                                                                                                                                                                                                                                                                                              SHA1:66197E80D7D23FD198204484D1999BEC8749E58E
                                                                                                                                                                                                                                                                                                                                                              SHA-256:6B597DB40AF2CF86694D51AA00CDD91254B0DE82A89FA6EC17E0A64757602902
                                                                                                                                                                                                                                                                                                                                                              SHA-512:4C7935E946545E24C5C85DE2CAC1F1CCA3021CF7BF413B8E663FA4EB8C261767449200D5F9C1C54267A7B153A7E90486F643B83D5AA138C742DF82D830523CAE
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"type":"uninstall","id":"469d2ee9-b6b5-412f-b851-c214e004b99c","creationDate":"2025-01-22T16:19:19.515Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_469d2ee9-b6b5-412f-b851-c214e004b99c.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.181465995377727
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:1jMXjfotbhbVbTbfbRbObtbyEl7nErRJA6WnSrDtTUd/SkDrt:1YktNhnzFSJkrMBnSrDhUd//
                                                                                                                                                                                                                                                                                                                                                              MD5:7B77D49B70FC0A99882602DA0E10AF60
                                                                                                                                                                                                                                                                                                                                                              SHA1:66197E80D7D23FD198204484D1999BEC8749E58E
                                                                                                                                                                                                                                                                                                                                                              SHA-256:6B597DB40AF2CF86694D51AA00CDD91254B0DE82A89FA6EC17E0A64757602902
                                                                                                                                                                                                                                                                                                                                                              SHA-512:4C7935E946545E24C5C85DE2CAC1F1CCA3021CF7BF413B8E663FA4EB8C261767449200D5F9C1C54267A7B153A7E90486F643B83D5AA138C742DF82D830523CAE
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"type":"uninstall","id":"469d2ee9-b6b5-412f-b851-c214e004b99c","creationDate":"2025-01-22T16:19:19.515Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                              MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.925350903616756
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNnTn:8S+OfJQPUFpOdwNIOdYVjvYcXaNLMq8P
                                                                                                                                                                                                                                                                                                                                                              MD5:D8225C19FC64B309756BB05D4EFFE4EF
                                                                                                                                                                                                                                                                                                                                                              SHA1:B2CF9785D7AFD69A3AD38E419172E18DCBA46E6D
                                                                                                                                                                                                                                                                                                                                                              SHA-256:3A21A6B7582FAF0080B34B804DAAC194FA66BBE3EB0000034C4816F7811A9B45
                                                                                                                                                                                                                                                                                                                                                              SHA-512:4ED84BA2ACEA4945C21455E179F3B3A3E7A8E07604AA917E0F9A95A09FF057B2A7B699C6E67784D53F77769815E0F3852890D3B53DD9684CA037E8A96AC7D74E
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.925350903616756
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNnTn:8S+OfJQPUFpOdwNIOdYVjvYcXaNLMq8P
                                                                                                                                                                                                                                                                                                                                                              MD5:D8225C19FC64B309756BB05D4EFFE4EF
                                                                                                                                                                                                                                                                                                                                                              SHA1:B2CF9785D7AFD69A3AD38E419172E18DCBA46E6D
                                                                                                                                                                                                                                                                                                                                                              SHA-256:3A21A6B7582FAF0080B34B804DAAC194FA66BBE3EB0000034C4816F7811A9B45
                                                                                                                                                                                                                                                                                                                                                              SHA-512:4ED84BA2ACEA4945C21455E179F3B3A3E7A8E07604AA917E0F9A95A09FF057B2A7B699C6E67784D53F77769815E0F3852890D3B53DD9684CA037E8A96AC7D74E
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4 (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                              MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                              SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                              SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                              SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                              MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                              SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                              SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                              SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                              MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                                                                                                                              SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                                                                                                                              SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                                                                                                                              SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                              • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: MAIN.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (3).zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: mscoree.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: qOH6oNqqoi.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: GbpfWtymAP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              • Filename: GbpfWtymAP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0732898472219601
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiJ:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                              MD5:8472BEBF43CABF9013AD4499CDED1F1F
                                                                                                                                                                                                                                                                                                                                                              SHA1:D57BAF0CA47378BA4A60E3EADEDE3C2EC2AEF009
                                                                                                                                                                                                                                                                                                                                                              SHA-256:0FAEBD2E39FD5022D8776E7BD46F79719FE36E77D3A2E9ADDFF0260F5B2507DC
                                                                                                                                                                                                                                                                                                                                                              SHA-512:FE874DA80887EFF492E7A598F4A874EE377DA5830381756113E4434215445B034F30E5B6190D8616E40A0DF33AEEEB0FD065C82956FDA2DBA32321A401E12F75
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.03535756160686293
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:GtlstFCshJl45/O1lstFCshJl45/dJ89//alEl:GtWtAsZ4ZaWtAsZ4ZT89XuM
                                                                                                                                                                                                                                                                                                                                                              MD5:FF5E4E6EBE530BA606A5652A98937B7B
                                                                                                                                                                                                                                                                                                                                                              SHA1:60126B13C25EF9D8ED37EE1B18CEF051080964B9
                                                                                                                                                                                                                                                                                                                                                              SHA-256:14F5E6F941DCEE432D91CE5072EA9F69FF5E8D5C2075AF8B71CFB350A3F0978F
                                                                                                                                                                                                                                                                                                                                                              SHA-512:0E57F243C6274948A4F5FF39C39A509A250F1261D6263966A9E0CA42DB1D5C02D2AD59F7F11E176AD466E3C4661E4E845555AF1080D94999E7F2622080B1D306
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:..-......................tz.i... ..xQY.]~x-[.:..-......................tz.i... ..xQY.]~x-[.:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.03983200694987981
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Ol1gOtGTHofFe2lhRYelll8rEXsxdwhml8XW3R2:K1u4eQh3lll8dMhm93w
                                                                                                                                                                                                                                                                                                                                                              MD5:E4A82DED450B46DE069A18A9144E2C22
                                                                                                                                                                                                                                                                                                                                                              SHA1:CBF21847C46D36C9B0AE946E5337F9F0F2412B66
                                                                                                                                                                                                                                                                                                                                                              SHA-256:6991366FBA5FE54F0F4C8C8CDD10ECA6DE49BCC1393C959575D80922673D493A
                                                                                                                                                                                                                                                                                                                                                              SHA-512:14BFC306A78DAB34CA67C79F0DF49814A67FABC0073643E19310DCD9C4782A44F16729DEEB048529EB47B44F2BA0CDAC0CD0AB64CB5BB3A10119A8191C8D5EFE
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:7....-.......... ..xQY...3.Q.P........ ..xQY.zt....i................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.495282059730854
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:tLiWj0tbPxnaRtLYbBp6l6hj4qyaaXJ36K4XGPx9MN8F5RfGNBw8sItSl:teGqzyQscw+0
                                                                                                                                                                                                                                                                                                                                                              MD5:E660C2F733E82FB5466693C35982F4CC
                                                                                                                                                                                                                                                                                                                                                              SHA1:020D2BAA892C238F7E949570EF248846A30B06E4
                                                                                                                                                                                                                                                                                                                                                              SHA-256:FDD28E5D1B2D58458C8B71670C582CC1F91C62219780B492B1C9DCA5805602EE
                                                                                                                                                                                                                                                                                                                                                              SHA-512:BC0804AB15835128756FCCDA41E181E2D12C4DE3E3C14B4648F3C62F229348869C8EC935DAA252B43347A112DA9F89183523CA71985219E74F8342DD1E1D9FE2
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1737562728);..user_pref("app.update.lastUpdateTime.background-update-timer", 1737562728);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1737562728);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173756

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.495282059730854
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:tLiWj0tbPxnaRtLYbBp6l6hj4qyaaXJ36K4XGPx9MN8F5RfGNBw8sItSl:teGqzyQscw+0
                                                                                                                                                                                                                                                                                                                                                              MD5:E660C2F733E82FB5466693C35982F4CC
                                                                                                                                                                                                                                                                                                                                                              SHA1:020D2BAA892C238F7E949570EF248846A30B06E4
                                                                                                                                                                                                                                                                                                                                                              SHA-256:FDD28E5D1B2D58458C8B71670C582CC1F91C62219780B492B1C9DCA5805602EE
                                                                                                                                                                                                                                                                                                                                                              SHA-512:BC0804AB15835128756FCCDA41E181E2D12C4DE3E3C14B4648F3C62F229348869C8EC935DAA252B43347A112DA9F89183523CA71985219E74F8342DD1E1D9FE2
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1737562728);..user_pref("app.update.lastUpdateTime.background-update-timer", 1737562728);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1737562728);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173756

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                                                                                                              MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                                                                                                              SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                                                                                                              SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                                                                                                              SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\recovery.baklz4 (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.3335087151177145
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSL0LXnIgDR/pnxQwRlszT5sKt0b3eHVQj6T+amhujJlOsIomNVr0at:GUpOxFrrnR6E3eHT+4JlIqzt4
                                                                                                                                                                                                                                                                                                                                                              MD5:338B6936C290D5D2920F972406F81092
                                                                                                                                                                                                                                                                                                                                                              SHA1:DE6DF693495BA447DF6C52EA00C37C0BC5C46B02
                                                                                                                                                                                                                                                                                                                                                              SHA-256:BAC8293448D178BD6DB88E4ACE4BBBB9156B9021E7C33910DF48B0144F3830D3
                                                                                                                                                                                                                                                                                                                                                              SHA-512:6DD34622CE2437112E839554D774BD862A7C5052F18253A54356ECC927979DC329DB66FBA94728733B6F7D86785325FF3558D02EA5821B038179CAD4968D58C7
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{5f4e3d45-4b80-4724-9673-387f7e5a403c}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1737562749966,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate...7,"startTim..`698025...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...09630,"originA..

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.3335087151177145
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSL0LXnIgDR/pnxQwRlszT5sKt0b3eHVQj6T+amhujJlOsIomNVr0at:GUpOxFrrnR6E3eHT+4JlIqzt4
                                                                                                                                                                                                                                                                                                                                                              MD5:338B6936C290D5D2920F972406F81092
                                                                                                                                                                                                                                                                                                                                                              SHA1:DE6DF693495BA447DF6C52EA00C37C0BC5C46B02
                                                                                                                                                                                                                                                                                                                                                              SHA-256:BAC8293448D178BD6DB88E4ACE4BBBB9156B9021E7C33910DF48B0144F3830D3
                                                                                                                                                                                                                                                                                                                                                              SHA-512:6DD34622CE2437112E839554D774BD862A7C5052F18253A54356ECC927979DC329DB66FBA94728733B6F7D86785325FF3558D02EA5821B038179CAD4968D58C7
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{5f4e3d45-4b80-4724-9673-387f7e5a403c}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1737562749966,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate...7,"startTim..`698025...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...09630,"originA..

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.3335087151177145
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSL0LXnIgDR/pnxQwRlszT5sKt0b3eHVQj6T+amhujJlOsIomNVr0at:GUpOxFrrnR6E3eHT+4JlIqzt4
                                                                                                                                                                                                                                                                                                                                                              MD5:338B6936C290D5D2920F972406F81092
                                                                                                                                                                                                                                                                                                                                                              SHA1:DE6DF693495BA447DF6C52EA00C37C0BC5C46B02
                                                                                                                                                                                                                                                                                                                                                              SHA-256:BAC8293448D178BD6DB88E4ACE4BBBB9156B9021E7C33910DF48B0144F3830D3
                                                                                                                                                                                                                                                                                                                                                              SHA-512:6DD34622CE2437112E839554D774BD862A7C5052F18253A54356ECC927979DC329DB66FBA94728733B6F7D86785325FF3558D02EA5821B038179CAD4968D58C7
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{5f4e3d45-4b80-4724-9673-387f7e5a403c}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1737562749966,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate...7,"startTim..`698025...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...09630,"originA..

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json (copy)

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.033328823706835
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:YrSAYl6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yclyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                              MD5:AC8800383650773AAA4F3749D47E49A8
                                                                                                                                                                                                                                                                                                                                                              SHA1:84843031941253E931B9F51B27B0605406B2A4F5
                                                                                                                                                                                                                                                                                                                                                              SHA-256:C693E4FAC44295C23DD6D95C7C1826B584CAE50B4220BB81E1C08DF5FABCB799
                                                                                                                                                                                                                                                                                                                                                              SHA-512:DC4BEC1B7247E2AF8498D4B4545C82DA754D508B93F4CBA3A3CA3BFD1E8778C1F98A1692D6C1B67B114FCF2EA8E59F2EAB88FF1B815708DDFF218A5518854D40
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-01-22T16:18:37.192Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json.tmp

                                                                                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.033328823706835
                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:YrSAYl6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yclyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                              MD5:AC8800383650773AAA4F3749D47E49A8
                                                                                                                                                                                                                                                                                                                                                              SHA1:84843031941253E931B9F51B27B0605406B2A4F5
                                                                                                                                                                                                                                                                                                                                                              SHA-256:C693E4FAC44295C23DD6D95C7C1826B584CAE50B4220BB81E1C08DF5FABCB799
                                                                                                                                                                                                                                                                                                                                                              SHA-512:DC4BEC1B7247E2AF8498D4B4545C82DA754D508B93F4CBA3A3CA3BFD1E8778C1F98A1692D6C1B67B114FCF2EA8E59F2EAB88FF1B815708DDFF218A5518854D40
                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-01-22T16:18:37.192Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.7024548645728474
                                                                                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                              File name:random.exe
                                                                                                                                                                                                                                                                                                                                                              File size:970'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5:b986d1882535e8f044c3d091d324d2f9
                                                                                                                                                                                                                                                                                                                                                              SHA1:af7fd2693f6f91c6655bde5621ad293daa53bcae
                                                                                                                                                                                                                                                                                                                                                              SHA256:1d5f4f9082b27779f594b673840b56b01c5c925de8dac6b4a648543ddb9dd0b3
                                                                                                                                                                                                                                                                                                                                                              SHA512:31c10f9548db63209d445e900723692d936a7e7712203e7729bb9ac4c0525875e9fcf51f4c52d23021c8bdc7ae2835c6ccbe948763597b57f2cf6ac83593a104
                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:kqDEvCTbMWu7rQYlBQcBiT6rprG8a5n3F:kTvC/MTQYxsWR7a5n
                                                                                                                                                                                                                                                                                                                                                              TLSH:6E259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13A81D79BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                                                                                                                                                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                                                                                                                                                              Icon Hash:aaf3e3e3938382a0

                                                                                                                                                                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                              Time Stamp:0x6790F2FC [Wed Jan 22 13:30:36 2025 UTC]
                                                                                                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3

                                                                                                                                                                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                                                                                                                              call 00007F9148812863h
                                                                                                                                                                                                                                                                                                                                                              jmp 00007F914881216Fh
                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                              call 00007F914881234Dh
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                              mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                              call 00007F914881231Ah
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                              mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                              lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                              and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                                                                              mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                              add eax, 04h
                                                                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                                                                              call 00007F9148814F0Dh
                                                                                                                                                                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                                                                                                                                                                              lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                                                                              call 00007F9148814F58h
                                                                                                                                                                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                              lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                                                                              call 00007F9148814F41h
                                                                                                                                                                                                                                                                                                                                                              test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                              pop ecx

                                                                                                                                                                                                                                                                                                                                                              Rich Headers

                                                                                                                                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x1625c.rsrc
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xeb0000x7594.reloc
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                                                                                              Sections

                                                                                                                                                                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                                                                                              .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                              .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                              .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                                                                                              .rsrc0xd40000x1625c0x164002036d4db3aeaf69a54cab90462dfd2caFalse0.6997454353932584data7.171792015546023IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                              .reloc0xeb0000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                                                                                              Resources

                                                                                                                                                                                                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd45f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd47180x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd48400x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd49680x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd4c500x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd4d780xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd5c200x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd64c80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd6a300x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xd8fd80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xda0800x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                                                                                                                                                                                                                                                                                                              RT_MENU0xda4e80x50dataEnglishGreat Britain0.9
                                                                                                                                                                                                                                                                                                                                                              RT_DIALOG0xda5380xfcdataEnglishGreat Britain0.6507936507936508
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xda6340x594dataEnglishGreat Britain0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdabc80x68adataEnglishGreat Britain0.2735961768219833
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdb2540x490dataEnglishGreat Britain0.3715753424657534
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdb6e40x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdbce00x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdc33c0x466dataEnglishGreat Britain0.3605683836589698
                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdc7a40x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                                                                                                                                                                                                                                                                                              RT_RCDATA0xdc8fc0xd3e0data1.0004793510324483
                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xe9cdc0x76dataEnglishGreat Britain0.6610169491525424
                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xe9d540x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xe9d680x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xe9d7c0x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                              RT_VERSION0xe9d900xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                              RT_MANIFEST0xe9e6c0x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                                                                                                                                                                                                                                                                                                                                              Imports

                                                                                                                                                                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                                                                                                                                                                              WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                              VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                              WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                              COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                              MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                              WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                              PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                              IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                              USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                              UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                              KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                                                                                                                                                                              USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                                                                                                                                                                                                                                                              GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                                                                                                                                                                                                                                                                                                                              COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                              ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                              SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                              ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                              OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                                                                                                                                                                                                                                                                                                                                                              Possible Origin

                                                                                                                                                                                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                                                                                              EnglishGreat Britain

                                                                                                                                                                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.666213036 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.666256905 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.676590919 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.684704065 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.684715986 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.157377005 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.157397032 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.157471895 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.168312073 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.168329000 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.168448925 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.168634892 CET4434973735.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:28.178656101 CET49737443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.426501989 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.426547050 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.428035975 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.429559946 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.429584026 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.894979954 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.895031929 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.912573099 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.914675951 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.914697886 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.928011894 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.932859898 CET804974134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.952800989 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.956537962 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.961421967 CET804974134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.097069025 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.097786903 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.107336998 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.115922928 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.123585939 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.123591900 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.123692989 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.123893976 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.124018908 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.360460997 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.360553026 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.364979982 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.366485119 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.366519928 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.382165909 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.382196903 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.382436991 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.383915901 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.383933067 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.417473078 CET804974134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.422069073 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.422116041 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.423173904 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.423388958 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.423405886 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.458348036 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.546598911 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.546616077 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.547492027 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.547655106 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.547792912 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.852773905 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.852894068 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.869719028 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.869811058 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884170055 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884190083 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884413958 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884426117 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884923935 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.884964943 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.885833979 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.885881901 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887515068 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887530088 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888688087 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888688087 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888813972 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888972998 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.889004946 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.889177084 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.890063047 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.890171051 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.892329931 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.892358065 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.893824100 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.893835068 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.893891096 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.894020081 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.894143105 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.912112951 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.918670893 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.921904087 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.921916962 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.922285080 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.927953005 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.928049088 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.928124905 CET4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.928678036 CET49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933132887 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933159113 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933347940 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933504105 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933523893 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.969506025 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.974339008 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.975178957 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.975363970 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.977670908 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.980077982 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.982719898 CET804974134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.982765913 CET4974180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.044634104 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.044730902 CET4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.046758890 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.048248053 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.048280954 CET4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.052135944 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.056895971 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.057158947 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.057327986 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.062073946 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.386909008 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.387001038 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.398602962 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.398673058 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.431983948 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.482278109 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.482302904 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.482661963 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.482834101 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.485757113 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.485795021 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.485861063 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.486399889 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.486464024 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.488133907 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.488184929 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.521066904 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.521156073 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.522878885 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.523593903 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.523665905 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.528414011 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.537630081 CET4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.537714958 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.579461098 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.695108891 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.695406914 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.697928905 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.700968981 CET49748443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.700989008 CET4434974834.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.702543974 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.702610016 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.702922106 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.703449011 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.703483105 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705034971 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705034971 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705127001 CET4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705384016 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705421925 CET4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705425024 CET4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705728054 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705748081 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.705810070 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.706403971 CET44349746142.250.185.174192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.706417084 CET49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.706419945 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.707853079 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.707864046 CET4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.710438013 CET49746443192.168.2.4142.250.185.174
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.727891922 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.732822895 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.735042095 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.735138893 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.739940882 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.780095100 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.785075903 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.879566908 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.929615974 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.145350933 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.150397062 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.161636114 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.181870937 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.181967020 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.184003115 CET4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.185319901 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.185343981 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.185631990 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.190565109 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.195363998 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.195446014 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.195549965 CET4434975334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.195677042 CET49753443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.196578026 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.196587086 CET4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.196661949 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.196852922 CET4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.197424889 CET49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.428936005 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.429264069 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.433727026 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.434088945 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.435033083 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.435230970 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.439982891 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.526923895 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.578324080 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.799559116 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.804820061 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.804899931 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.868293047 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.873363018 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.873461008 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.873625994 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.878489971 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:33.320699930 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:33.365268946 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.980935097 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.980974913 CET4434976134.211.125.135192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.981350899 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.982861996 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.982876062 CET4434976134.211.125.135192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.757488012 CET4434976134.211.125.135192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.757565022 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.761970997 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.761984110 CET4434976134.211.125.135192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.762079954 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.762221098 CET4434976134.211.125.135192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.762306929 CET49761443192.168.2.434.211.125.135
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.244947910 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.244991064 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.246649981 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.246686935 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.251420975 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.251569033 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.251580000 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.252017975 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.253997087 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.254030943 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.411638021 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.414028883 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.414072990 CET4434976734.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.414928913 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.416620016 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.416640043 CET4434976734.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.416735888 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.509537935 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.521625996 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.521666050 CET4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.521903992 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.523485899 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.523504019 CET4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.528084993 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.533063889 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.553539991 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.629945993 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.686078072 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.722484112 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.722577095 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.725730896 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.725760937 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.726051092 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.729346991 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.729437113 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.729535103 CET4434976535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.729598999 CET49765443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.732431889 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.732527971 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.737739086 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.737754107 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.737823963 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.737986088 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.739164114 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.876540899 CET4434976734.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.876622915 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.882041931 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.882062912 CET4434976734.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.882139921 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.882256985 CET4434976734.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.882318020 CET49767443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.991842031 CET4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.997033119 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001132965 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001153946 CET4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001250029 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001389980 CET4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001698017 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.001806974 CET4434976934.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.002053022 CET49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.002103090 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.003492117 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.003539085 CET4434976934.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.385576010 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.390379906 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.407907963 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.407953024 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.416708946 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.418229103 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.418252945 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.468713999 CET4434976934.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.468825102 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.473568916 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.473602057 CET4434976934.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.473651886 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.473853111 CET4434976934.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.473962069 CET49769443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.484411001 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.544580936 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.574852943 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.575234890 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.579720020 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.580163956 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.601744890 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.601795912 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.602169991 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.602328062 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.602346897 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.669785023 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.673341036 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.723028898 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.723042011 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.751157999 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.751256943 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.752499104 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.752784014 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.752821922 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.909897089 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.914812088 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.915775061 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.915798903 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.918301105 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.922501087 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.922518969 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.922581911 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.922986031 CET4434977034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.923639059 CET49770443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.005013943 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.046370029 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.071609020 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.071711063 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.222872019 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.222955942 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.463418961 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.463481903 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.464446068 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.465775967 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.465861082 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.466231108 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.470045090 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.470530987 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.470752954 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.512814045 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.692231894 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.692260981 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.692483902 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.692545891 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.692995071 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.693058014 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.693249941 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.693407059 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.693418026 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.829854965 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.834830046 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.876363993 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.876398087 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.876713991 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.878134012 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.878153086 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.928658009 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.946090937 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.951042891 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.983025074 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.041076899 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.083328009 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.165405989 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.165505886 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.168814898 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.168826103 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.169100046 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.171446085 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.171556950 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.171627998 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.172122002 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.174067974 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.179085970 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.274014950 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.281343937 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.286247015 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.315190077 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.359672070 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.360491037 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.377054930 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.431108952 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:46.691402912 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:46.691402912 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:46.691514969 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:46.691782951 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:46.704013109 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.665008068 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.670950890 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.763984919 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.807260990 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.952351093 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.957317114 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.958034992 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.958077908 CET4434977534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.958178997 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.959579945 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.959597111 CET4434977534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.047169924 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.092583895 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.420605898 CET4434977534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.423549891 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.428401947 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.428415060 CET4434977534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.428518057 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.428595066 CET4434977534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.429421902 CET49775443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.431780100 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.436583042 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.747864962 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.768469095 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.773363113 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.783714056 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.783797979 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.888025045 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.941857100 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.008270025 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.008333921 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.013271093 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.013734102 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.013746023 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.034193993 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.034256935 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.035381079 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.035667896 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.035698891 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.041230917 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.041285992 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.042428970 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.042467117 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050941944 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.051491976 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.066843987 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.066884041 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.068348885 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.068370104 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.068859100 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.068901062 CET4434978035.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.069255114 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.070699930 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.070714951 CET4434978035.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.489865065 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.490008116 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.494576931 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.494592905 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.494836092 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.497893095 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.498023033 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.498055935 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.498220921 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.504936934 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.509848118 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.522923946 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.522936106 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.523049116 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.525417089 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.525465965 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.526240110 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.526253939 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.526396036 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.526489019 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.529278994 CET4434978035.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.529444933 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533427000 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533586979 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533605099 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533613920 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533885956 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533899069 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.533936024 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.534215927 CET4434977935.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.535543919 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.535552979 CET4434978035.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.535662889 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.535758972 CET4434978035.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.536840916 CET49779443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.536871910 CET49780443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.546577930 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.546618938 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.546811104 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.546844959 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.547878981 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.547884941 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.548053026 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.548077106 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.548208952 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.548221111 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.549763918 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.549781084 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.550173998 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.550292015 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.550303936 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.563662052 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.563698053 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.563795090 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.563950062 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.563966036 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.596426010 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.596537113 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.600429058 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.600446939 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.600723982 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.604229927 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.604365110 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.604479074 CET4434977635.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.604994059 CET49776443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.628024101 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.631778002 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.636575937 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.668404102 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.726686001 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.751338959 CET44349778151.101.65.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.751461983 CET49778443192.168.2.4151.101.65.91
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.768676043 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.999675989 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.999775887 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.001719952 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.003689051 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.003705025 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.003974915 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.006365061 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.006427050 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.006573915 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.011333942 CET4434978235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.011347055 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.014652967 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.015676975 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.016222954 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.016242981 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.016509056 CET49782443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.016511917 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.019351959 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.019706964 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.019715071 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.020023108 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.020477057 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.027334929 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.029963970 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.029973030 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.030344009 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.031913996 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.032026052 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.032135010 CET4434978135.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.033365011 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.033409119 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.033593893 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.033659935 CET49781443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.033682108 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.036956072 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.037699938 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.040997028 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.041013002 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.041235924 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044282913 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044375896 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044486046 CET4434978434.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.045068026 CET49784443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.113604069 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.117427111 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.122282982 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.154181957 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.212374926 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.254512072 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.680254936 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.680310011 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.680773020 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.682492018 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.682512045 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.167654037 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.167779922 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.174515009 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.174559116 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.174745083 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.174891949 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.174910069 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.178355932 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.183187008 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.278486013 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.282099962 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.287012100 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.322813034 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.377491951 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.379331112 CET4434978634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.379393101 CET49786443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.423130989 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.289601088 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.294579029 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.389838934 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.394777060 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.303864002 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.308762074 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.404180050 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.410413980 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.449225903 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.449261904 CET4434981334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.449703932 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.451286077 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.451297045 CET4434981334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.917058945 CET4434981334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.917131901 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.922446012 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.922451973 CET4434981334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.922553062 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.922615051 CET4434981334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.922801018 CET49813443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.925416946 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.930270910 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.023957968 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.027481079 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.032336950 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.068502903 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.123342037 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.168880939 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.917953014 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.917957067 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918001890 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918004036 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918451071 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918452978 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918452978 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918486118 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918585062 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.918597937 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.920445919 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.920456886 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.921768904 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.922234058 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.922244072 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.378669977 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.379028082 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.382735968 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.382771969 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.382788897 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.383277893 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.384443045 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.385472059 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.385803938 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.385831118 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.386082888 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.388199091 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.388521910 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.388658047 CET4434986034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389149904 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389225960 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389372110 CET4434986134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389417887 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389417887 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389451027 CET49860443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.389451027 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.392724037 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.392736912 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.393095016 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.394916058 CET49861443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.397186041 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.397244930 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.397326946 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.397546053 CET4434986234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.399935007 CET49862443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.403599024 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.498374939 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.502475023 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.508164883 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.542047024 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.598416090 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.642513990 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.103130102 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.107985020 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.202270031 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.205502033 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.211358070 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.244158983 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.301970959 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.344465971 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.209533930 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.214369059 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.310408115 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.315184116 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.218033075 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.222845078 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.340698004 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.345594883 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.231693983 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.236495972 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.347651958 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.352520943 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.148499012 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.148555994 CET4435005834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.148614883 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.150207043 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.150235891 CET4435005834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.660286903 CET4435005834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.660495043 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.668687105 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.668713093 CET4435005834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.668801069 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.668997049 CET4435005834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.669097900 CET50058443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.671780109 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.676562071 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.770287991 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.774326086 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.779072046 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.823359013 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.869112968 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.923700094 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.780894995 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.785815954 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.881190062 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.886140108 CET804975734.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.794995070 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.799859047 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.894828081 CET4975780192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.899749041 CET804975734.107.221.82192.168.2.4

                                                                                                                                                                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.667960882 CET5626753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.675177097 CET53562671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.681361914 CET5370953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.688570976 CET53537091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.406997919 CET5443453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.415463924 CET53544341.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.417478085 CET5969853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.418922901 CET6206253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.424681902 CET53596981.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.426141977 CET53620621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.427618980 CET6238453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.429996014 CET5796453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.434120893 CET53623841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.435715914 CET6298453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.436666965 CET53579641.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.443662882 CET53629841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.347309113 CET5198653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.347712040 CET6159953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.354376078 CET53519861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.356136084 CET53615991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.363482952 CET4953253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.370450974 CET53495321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.381253004 CET5957953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.382777929 CET4999953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.389576912 CET53595791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.389852047 CET53499991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.401443005 CET4997253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.408546925 CET53499721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.422698975 CET5898253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.430121899 CET53589821.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.437231064 CET4969553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.445662022 CET53496951.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.881197929 CET4974553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.881436110 CET5639253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887813091 CET53497451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888190985 CET53563921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.925210953 CET6440853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.932291031 CET53644081.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933290958 CET6202053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.940135956 CET53620201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.940812111 CET5597153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.947721958 CET53559711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.961174011 CET6092853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.968513966 CET53609281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.961909056 CET6305653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.964006901 CET5919953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.969583988 CET53630561.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.971134901 CET53591991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.981270075 CET5329153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.983979940 CET6065653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.990812063 CET53532911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.991157055 CET53606561.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.991544008 CET5141453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.992125988 CET6026853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.999376059 CET53602681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.999387980 CET53514141.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.419159889 CET5584553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.426146984 CET53558451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.427274942 CET4936053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.433909893 CET53493601.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.434459925 CET5856453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.441327095 CET53585641.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.242924929 CET5483553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.247164965 CET6197953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.249933958 CET53548351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.254095078 CET53619791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.265736103 CET5764053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.272551060 CET53576401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.513649940 CET6163453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.520704031 CET53616341.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.521814108 CET5570053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.529958010 CET53557001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.533128977 CET6278553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.541637897 CET53627851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.959098101 CET5100953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.966466904 CET53510091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.724220037 CET5297553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.724663019 CET5944753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.725056887 CET6348153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET53529751.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731342077 CET53594471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.732255936 CET53634811.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.732295990 CET5029053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.733329058 CET6171053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.733684063 CET5757853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET53502901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.740000963 CET53617101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.740458965 CET5782053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.741101980 CET53575781.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.746532917 CET5041753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.746871948 CET6495353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.747442961 CET53578201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.748344898 CET6046153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.753882885 CET53649531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.753957987 CET53504171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.754755020 CET5562453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET53604611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755764008 CET6002253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.761677027 CET53556241.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762401104 CET6030153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762980938 CET53600221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.763519049 CET5027153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769351959 CET53603011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769931078 CET4967253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.771172047 CET53502711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.776807070 CET53496721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.009468079 CET4954753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.016118050 CET53495471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.030064106 CET5668053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.037396908 CET53566801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.043375969 CET5689153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050087929 CET53568911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050112009 CET5757153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.051935911 CET6016853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059809923 CET53575711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059822083 CET53601681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.061661959 CET5007253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.069356918 CET53500721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.071921110 CET6297553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.078597069 CET53629751.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.046248913 CET5676953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.055255890 CET53567691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.056027889 CET6482253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.064405918 CET53648221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.680437088 CET6521253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.687349081 CET53652121.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.440114021 CET6534853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.448040009 CET53653481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.449507952 CET5324553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.458939075 CET53532451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.969778061 CET4929853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.976583004 CET53492981.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.103329897 CET4918353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.110451937 CET53491831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.140423059 CET5327753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.147340059 CET53532771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.148439884 CET5988853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.156429052 CET53598881.1.1.1192.168.2.4

                                                                                                                                                                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.667960882 CET192.168.2.41.1.1.10x968aStandard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.681361914 CET192.168.2.41.1.1.10x5b47Standard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.406997919 CET192.168.2.41.1.1.10xe352Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.417478085 CET192.168.2.41.1.1.10xc514Standard query (0)youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.418922901 CET192.168.2.41.1.1.10x28f8Standard query (0)prod.detectportal.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.427618980 CET192.168.2.41.1.1.10x7e7aStandard query (0)youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.429996014 CET192.168.2.41.1.1.10xf39eStandard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.435715914 CET192.168.2.41.1.1.10x6b23Standard query (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.347309113 CET192.168.2.41.1.1.10xb8ecStandard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.347712040 CET192.168.2.41.1.1.10x5584Standard query (0)spocs.getpocket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.363482952 CET192.168.2.41.1.1.10x1fa3Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.381253004 CET192.168.2.41.1.1.10x47c7Standard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.382777929 CET192.168.2.41.1.1.10x903aStandard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.401443005 CET192.168.2.41.1.1.10x989eStandard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.422698975 CET192.168.2.41.1.1.10xf490Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.437231064 CET192.168.2.41.1.1.10x7218Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.881197929 CET192.168.2.41.1.1.10xcd74Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.881436110 CET192.168.2.41.1.1.10xc1b7Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.925210953 CET192.168.2.41.1.1.10x22c0Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.933290958 CET192.168.2.41.1.1.10xbcc6Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.940812111 CET192.168.2.41.1.1.10xc384Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.961174011 CET192.168.2.41.1.1.10x9affStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.961909056 CET192.168.2.41.1.1.10xb8e7Standard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.964006901 CET192.168.2.41.1.1.10xb0eStandard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.981270075 CET192.168.2.41.1.1.10xce81Standard query (0)shavar.prod.mozaws.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.983979940 CET192.168.2.41.1.1.10xdbe9Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.991544008 CET192.168.2.41.1.1.10x2b6bStandard query (0)shavar.prod.mozaws.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.992125988 CET192.168.2.41.1.1.10xf730Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.419159889 CET192.168.2.41.1.1.10xef5dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.427274942 CET192.168.2.41.1.1.10x2ce1Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.434459925 CET192.168.2.41.1.1.10x9f02Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.242924929 CET192.168.2.41.1.1.10xb449Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.247164965 CET192.168.2.41.1.1.10xd2f2Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.265736103 CET192.168.2.41.1.1.10x5d6aStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.513649940 CET192.168.2.41.1.1.10xa7efStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.521814108 CET192.168.2.41.1.1.10x9098Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.533128977 CET192.168.2.41.1.1.10xeafdStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.959098101 CET192.168.2.41.1.1.10x3f5aStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.724220037 CET192.168.2.41.1.1.10x5acaStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.724663019 CET192.168.2.41.1.1.10xad3aStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.725056887 CET192.168.2.41.1.1.10xebc2Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.732295990 CET192.168.2.41.1.1.10x9a19Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.733329058 CET192.168.2.41.1.1.10x592Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.733684063 CET192.168.2.41.1.1.10x15a2Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.740458965 CET192.168.2.41.1.1.10xd0b5Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.746532917 CET192.168.2.41.1.1.10xbf1dStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.746871948 CET192.168.2.41.1.1.10x6c8eStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.748344898 CET192.168.2.41.1.1.10xc2d6Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.754755020 CET192.168.2.41.1.1.10xcde0Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755764008 CET192.168.2.41.1.1.10x1857Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762401104 CET192.168.2.41.1.1.10xaffcStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.763519049 CET192.168.2.41.1.1.10x9baaStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769931078 CET192.168.2.41.1.1.10x412eStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.009468079 CET192.168.2.41.1.1.10x2e9eStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.030064106 CET192.168.2.41.1.1.10xf077Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.043375969 CET192.168.2.41.1.1.10x7d3aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050112009 CET192.168.2.41.1.1.10x3e8fStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.051935911 CET192.168.2.41.1.1.10xc30Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.061661959 CET192.168.2.41.1.1.10x2445Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.071921110 CET192.168.2.41.1.1.10xd248Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.046248913 CET192.168.2.41.1.1.10x343cStandard query (0)a19.dscg10.akamai.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.056027889 CET192.168.2.41.1.1.10x350aStandard query (0)a19.dscg10.akamai.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:58.680437088 CET192.168.2.41.1.1.10x46b9Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.440114021 CET192.168.2.41.1.1.10x54dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.449507952 CET192.168.2.41.1.1.10xa642Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.969778061 CET192.168.2.41.1.1.10x9f72Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.103329897 CET192.168.2.41.1.1.10x98fdStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.140423059 CET192.168.2.41.1.1.10xc12dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.148439884 CET192.168.2.41.1.1.10x31f5Standard query (0)push.services.mozilla.com28IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.622952938 CET1.1.1.1192.168.2.40x962cNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:27.675177097 CET1.1.1.1192.168.2.40x968aNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.415463924 CET1.1.1.1192.168.2.40xe352No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.415463924 CET1.1.1.1192.168.2.40xe352No error (0)detectportal.prod.mozaws.netprod.detectportal.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.415463924 CET1.1.1.1192.168.2.40xe352No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.424681902 CET1.1.1.1192.168.2.40xc514No error (0)youtube.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.426141977 CET1.1.1.1192.168.2.40x28f8No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.434120893 CET1.1.1.1192.168.2.40x7e7aNo error (0)youtube.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.436666965 CET1.1.1.1192.168.2.40xf39eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.443662882 CET1.1.1.1192.168.2.40x6b23No error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.354376078 CET1.1.1.1192.168.2.40xb8ecNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.356136084 CET1.1.1.1192.168.2.40x5584No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.356136084 CET1.1.1.1192.168.2.40x5584No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.370450974 CET1.1.1.1192.168.2.40x1fa3No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.389852047 CET1.1.1.1192.168.2.40x903aNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.417511940 CET1.1.1.1192.168.2.40x7952No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.417511940 CET1.1.1.1192.168.2.40x7952No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.430121899 CET1.1.1.1192.168.2.40xf490No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887813091 CET1.1.1.1192.168.2.40xcd74No error (0)example.org96.7.128.186A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887813091 CET1.1.1.1192.168.2.40xcd74No error (0)example.org23.215.0.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887813091 CET1.1.1.1192.168.2.40xcd74No error (0)example.org23.215.0.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.887813091 CET1.1.1.1192.168.2.40xcd74No error (0)example.org96.7.128.192A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888190985 CET1.1.1.1192.168.2.40xc1b7No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.888190985 CET1.1.1.1192.168.2.40xc1b7No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.932291031 CET1.1.1.1192.168.2.40x22c0No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.932291031 CET1.1.1.1192.168.2.40x22c0No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.932291031 CET1.1.1.1192.168.2.40x22c0No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.940135956 CET1.1.1.1192.168.2.40xbcc6No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.947721958 CET1.1.1.1192.168.2.40xc384No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.968513966 CET1.1.1.1192.168.2.40x9affNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.968513966 CET1.1.1.1192.168.2.40x9affNo error (0)detectportal.prod.mozaws.netprod.detectportal.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.968513966 CET1.1.1.1192.168.2.40x9affNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.969583988 CET1.1.1.1192.168.2.40xb8e7No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.969583988 CET1.1.1.1192.168.2.40xb8e7No error (0)shavar.prod.mozaws.net34.211.125.135A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.969583988 CET1.1.1.1192.168.2.40xb8e7No error (0)shavar.prod.mozaws.net44.233.129.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.969583988 CET1.1.1.1192.168.2.40xb8e7No error (0)shavar.prod.mozaws.net34.211.101.148A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.971134901 CET1.1.1.1192.168.2.40xb0eNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.971134901 CET1.1.1.1192.168.2.40xb0eNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.971134901 CET1.1.1.1192.168.2.40xb0eNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.990812063 CET1.1.1.1192.168.2.40xce81No error (0)shavar.prod.mozaws.net44.233.129.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.990812063 CET1.1.1.1192.168.2.40xce81No error (0)shavar.prod.mozaws.net34.211.125.135A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.990812063 CET1.1.1.1192.168.2.40xce81No error (0)shavar.prod.mozaws.net34.211.101.148A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:36.991157055 CET1.1.1.1192.168.2.40xdbe9No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.426146984 CET1.1.1.1192.168.2.40xef5dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:37.433909893 CET1.1.1.1192.168.2.40x2ce1No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.234060049 CET1.1.1.1192.168.2.40x8405No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.234060049 CET1.1.1.1192.168.2.40x8405No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.235384941 CET1.1.1.1192.168.2.40xfad3No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.254095078 CET1.1.1.1192.168.2.40xd2f2No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.520704031 CET1.1.1.1192.168.2.40xa7efNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.520704031 CET1.1.1.1192.168.2.40xa7efNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.529958010 CET1.1.1.1192.168.2.40x9098No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.397897005 CET1.1.1.1192.168.2.40xd22dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731228113 CET1.1.1.1192.168.2.40x5acaNo error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731342077 CET1.1.1.1192.168.2.40xad3aNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.731342077 CET1.1.1.1192.168.2.40xad3aNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.732255936 CET1.1.1.1192.168.2.40xebc2No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.732255936 CET1.1.1.1192.168.2.40xebc2No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.739276886 CET1.1.1.1192.168.2.40x9a19No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.740000963 CET1.1.1.1192.168.2.40x592No error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.741101980 CET1.1.1.1192.168.2.40x15a2No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.747442961 CET1.1.1.1192.168.2.40xd0b5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.747442961 CET1.1.1.1192.168.2.40xd0b5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.747442961 CET1.1.1.1192.168.2.40xd0b5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.747442961 CET1.1.1.1192.168.2.40xd0b5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.753882885 CET1.1.1.1192.168.2.40x6c8eNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.753957987 CET1.1.1.1192.168.2.40xbf1dNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET1.1.1.1192.168.2.40xc2d6No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET1.1.1.1192.168.2.40xc2d6No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET1.1.1.1192.168.2.40xc2d6No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET1.1.1.1192.168.2.40xc2d6No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.755037069 CET1.1.1.1192.168.2.40xc2d6No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.761677027 CET1.1.1.1192.168.2.40xcde0No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762980938 CET1.1.1.1192.168.2.40x1857No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762980938 CET1.1.1.1192.168.2.40x1857No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762980938 CET1.1.1.1192.168.2.40x1857No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.762980938 CET1.1.1.1192.168.2.40x1857No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769351959 CET1.1.1.1192.168.2.40xaffcNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769351959 CET1.1.1.1192.168.2.40xaffcNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769351959 CET1.1.1.1192.168.2.40xaffcNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:50.769351959 CET1.1.1.1192.168.2.40xaffcNo error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.037396908 CET1.1.1.1192.168.2.40xf077No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.037396908 CET1.1.1.1192.168.2.40xf077No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.037396908 CET1.1.1.1192.168.2.40xf077No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.037396908 CET1.1.1.1192.168.2.40xf077No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050087929 CET1.1.1.1192.168.2.40x7d3aNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050087929 CET1.1.1.1192.168.2.40x7d3aNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050087929 CET1.1.1.1192.168.2.40x7d3aNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.050087929 CET1.1.1.1192.168.2.40x7d3aNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059809923 CET1.1.1.1192.168.2.40x3e8fNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059809923 CET1.1.1.1192.168.2.40x3e8fNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059822083 CET1.1.1.1192.168.2.40xc30No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059822083 CET1.1.1.1192.168.2.40xc30No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059822083 CET1.1.1.1192.168.2.40xc30No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.059822083 CET1.1.1.1192.168.2.40xc30No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.069356918 CET1.1.1.1192.168.2.40x2445No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044990063 CET1.1.1.1192.168.2.40xbe43No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044990063 CET1.1.1.1192.168.2.40xbe43No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044990063 CET1.1.1.1192.168.2.40xbe43No error (0)a17.rackcdn.com.mdc.edgesuite.neta19.dscg10.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044990063 CET1.1.1.1192.168.2.40xbe43No error (0)a19.dscg10.akamai.net2.22.61.59A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.044990063 CET1.1.1.1192.168.2.40xbe43No error (0)a19.dscg10.akamai.net2.22.61.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.055255890 CET1.1.1.1192.168.2.40x343cNo error (0)a19.dscg10.akamai.net2.22.61.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.055255890 CET1.1.1.1192.168.2.40x343cNo error (0)a19.dscg10.akamai.net2.22.61.59A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.064405918 CET1.1.1.1192.168.2.40x350aNo error (0)a19.dscg10.akamai.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.064405918 CET1.1.1.1192.168.2.40x350aNo error (0)a19.dscg10.akamai.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.448040009 CET1.1.1.1192.168.2.40x54dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:26.923830032 CET1.1.1.1192.168.2.40xc1b6No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.110451937 CET1.1.1.1192.168.2.40x98fdNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.110451937 CET1.1.1.1192.168.2.40x98fdNo error (0)detectportal.prod.mozaws.netprod.detectportal.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.110451937 CET1.1.1.1192.168.2.40x98fdNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.147340059 CET1.1.1.1192.168.2.40xc12dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                                                                                              • detectportal.firefox.com

                                                                                                                                                                                                                                                                                                                                                              HTTP Packets

                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              0192.168.2.44974134.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:29.956537962 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.417473078 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 20:33:28 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 64802
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              1192.168.2.44974934.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:30.975363970 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.431983948 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78010
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              2192.168.2.44975134.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.057327986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.522878885 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69446
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.780095100 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.879566908 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69446
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.428936005 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.526923895 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69447
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.411638021 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.509537935 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69456
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.385576010 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.484411001 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69457
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.575234890 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.673341036 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69457
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.829854965 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.928658009 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69459
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.174067974 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.274014950 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69460
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.665008068 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.763984919 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69462
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.431780100 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.747864962 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69463
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.783714056 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69463
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.504936934 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.628024101 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69471
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.015676975 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.113604069 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69472
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.178355932 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.278486013 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69474
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.289601088 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.303864002 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.925416946 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.023957968 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69494
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.397186041 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.498374939 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69502
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.103130102 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.202270031 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69503
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.209533930 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.218033075 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.231693983 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.671780109 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.770287991 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 19:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 69535
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.780894995 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.794995070 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:


                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              3192.168.2.44975534.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:31.735138893 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache


                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              4192.168.2.44975634.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.435230970 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache


                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                              5192.168.2.44975734.107.221.82806404C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:32.873625994 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:33.320699930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78012
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.528084993 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:41.629945993 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78020
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.574852943 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.669785023 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78021
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:42.909897089 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:43.005013943 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78021
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:44.946090937 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.041076899 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78023
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.281343937 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:45.377054930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78024
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:47.952351093 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.047169924 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78027
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.768469095 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:48.888025045 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78027
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.631778002 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:56.726686001 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78035
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.117427111 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:57.212374926 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78036
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.282099962 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:33:59.377491951 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78038
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:09.389838934 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:19.404180050 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.027481079 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:20.123342037 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78059
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.502475023 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:27.598416090 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78066
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.205502033 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:28.301970959 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78067
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:38.310408115 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:48.340698004 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:34:58.347651958 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.774326086 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:00.869112968 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 21 Jan 2025 16:53:21 GMT
                                                                                                                                                                                                                                                                                                                                                              Age: 78099
                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:10.881190062 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                              Jan 22, 2025 15:35:20.894828081 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                              Data Ascii:


                                                                                                                                                                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:18
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\random.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\random.exe"
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x1f0000
                                                                                                                                                                                                                                                                                                                                                              File size:970'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:B986D1882535E8F044C3D091D324D2F9
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:19
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:19
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:21
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:22
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:22
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:22
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:22
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:22
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:24
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c958a673-8d2a-4932-a065-728f92b5ad4e} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b575770310 socket
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:27
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3816 -prefMapHandle 3048 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef76444-a689-447f-b1a3-9f982a55c08d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b507bdf410 rdd
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                                                                                                                                              Start time:09:33:40
                                                                                                                                                                                                                                                                                                                                                              Start date:22/01/2025
                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2784 -prefMapHandle 2768 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18f3a26-7389-4e0f-8ffe-2a8c2ec164cb} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 1b50fda6910 utility
                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                                                                                                                                                                              Reset < >