Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231130-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/12/2023, 03:22 UTC

General

  • Target

    9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d.exe

  • Size

    211KB

  • MD5

    dd5e21a253fc73601aace400d17685af

  • SHA1

    e2366de497c966316e51c6c249b401c24bc09eee

  • SHA256

    9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d

  • SHA512

    1bd06ea3bbf3a1101718aacd0b9e48b64919a76d5d778b47a364e42aa937b7cb1adb99b805db5cdb737acee5af72b486d40f38d9a41eaa807881f02cc64159c6

  • SSDEEP

    3072:BqGLRIhlEkMMD4qxPxxk+imo0zgF7LbWFzR+Ax:EGLRGyRidPxxksoiglLE

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://humydrole.com/tmp/index.php

http://trunk-co.ru/tmp/index.php

http://weareelight.com/tmp/index.php

http://pirateking.online/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32
1
0x3b22e540
rc4.i32
1
0xa6b397e0

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d.exe
    "C:\Users\Admin\AppData\Local\Temp\9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d.exe"
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3448

Network

  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301102_1BHX5R8BV838HBSD7&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301102_1BHX5R8BV838HBSD7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 270131
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F1B6657CA8D5496F821C719058C854E7 Ref B: LON04EDGE0817 Ref C: 2023-12-11T03:22:27Z
    date: Mon, 11 Dec 2023 03:22:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 327435
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9FD0C9075CF14C4599DDA670EE5D194A Ref B: LON04EDGE0817 Ref C: 2023-12-11T03:22:27Z
    date: Mon, 11 Dec 2023 03:22:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301535_1ECP54607Y582Y2EJ&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301535_1ECP54607Y582Y2EJ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 200616
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 07F50A128E3E49EF903535E1394EE2AB Ref B: LON04EDGE0817 Ref C: 2023-12-11T03:22:27Z
    date: Mon, 11 Dec 2023 03:22:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301560_1VYM1AB1UOOH4QGUY&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301560_1VYM1AB1UOOH4QGUY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 185181
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0E03082F98C74CA29EA871FBEAC665A2 Ref B: LON04EDGE0817 Ref C: 2023-12-11T03:22:27Z
    date: Mon, 11 Dec 2023 03:22:26 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    humydrole.com
    Remote address:
    8.8.8.8:53
    Request
    humydrole.com
    IN A
    Response
    humydrole.com
    IN A
    123.213.233.131
    humydrole.com
    IN A
    181.168.176.36
    humydrole.com
    IN A
    195.158.3.162
    humydrole.com
    IN A
    179.153.102.52
    humydrole.com
    IN A
    189.232.1.60
    humydrole.com
    IN A
    186.13.17.220
    humydrole.com
    IN A
    210.182.29.70
    humydrole.com
    IN A
    190.218.146.245
    humydrole.com
    IN A
    186.182.55.44
    humydrole.com
    IN A
    211.53.230.67
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://gsijfnjupcpaeiia.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 238
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:44 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 8
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://evhpdflmspwe.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 167
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:45 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-us
    DNS
    131.233.213.123.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.233.213.123.in-addr.arpa
    IN PTR
    Response
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://rmlcsyuxmxrbqmnk.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 160
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:48 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://xhbvqytsgnklsymk.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 166
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:49 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://qcogxhasrnm.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 237
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:50 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://cyarlvjkleeahw.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 274
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:52 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://cgwxkqibopfo.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 171
    Host: humydrole.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 11 Dec 2023 03:22:53 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://mwaueicngstogpd.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 267
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:55 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://yvqywubgjbgqr.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 273
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:56 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://rgauiahtmjndnkr.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 152
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:22:57 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://xrksrcqnuoe.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 169
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:00 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://psbycspcmtl.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 180
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:01 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://frmduvcbggnub.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 131
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:05 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://uartraqftoeyxgo.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 256
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:06 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://cgfogtvhidgflp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 365
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:08 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://qnhyoeeltqgo.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 225
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:09 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://lwrqeaniibm.org/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 247
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:11 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://maidltcpduustik.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 121
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:13 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-kr
    POST
    http://humydrole.com/tmp/index.php
    Remote address:
    123.213.233.131:80
    Request
    POST /tmp/index.php HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://uofiutuqtxjj.net/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 267
    Host: humydrole.com
    Response
    HTTP/1.0 404 Not Found
    Date: Mon, 11 Dec 2023 03:23:17 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15
    X-Powered-By: PHP/7.4.15
    Content-Length: 340
    Connection: close
    Content-Type: text/html; charset=utf-8
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
    Response
    211.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-211deploystaticakamaitechnologiescom
  • flag-us
    DNS
    42.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.134.221.88.in-addr.arpa
    IN PTR
    Response
    42.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-42deploystaticakamaitechnologiescom
  • flag-us
    DNS
    Remote address:
    8.8.8.8:53
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-gb
    DNS
    Remote address:
    96.17.178.176:80
    Response
    [binary response body omitted]
    --6311D6B0A39E5CA4
    Content-Type: application/octet-stream
    Content-Range: bytes 6750208-6782975/20955201
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301560_1VYM1AB1UOOH4QGUY&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    36.9kB
    1.0MB
    761
    758

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301102_1BHX5R8BV838HBSD7&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301151_191TZ1ARIUD05NY0D&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301535_1ECP54607Y582Y2EJ&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301560_1VYM1AB1UOOH4QGUY&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    795 B
    465 B
    6
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    812 B
    799 B
    8
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    1.2kB
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    1.2kB
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    789 B
    799 B
    6
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    927 B
    1.4kB
    8
    6

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    770 B
    450 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    200
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    823 B
    799 B
    6
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    873 B
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    852 B
    1.4kB
    9
    6

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    865 B
    799 B
    9
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    732 B
    799 B
    6
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    1.1kB
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    858 B
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    972 B
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    778 B
    759 B
    6
    4

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    799 B
    799 B
    6
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    723 B
    799 B
    7
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 123.213.233.131:80
    http://humydrole.com/tmp/index.php
    http
    924 B
    799 B
    8
    5

    HTTP Request

    POST http://humydrole.com/tmp/index.php

    HTTP Response

    404
  • 96.17.178.176:80
    10.3kB
    219.2kB
    143
    157
  • 96.17.178.176:80
    8.5kB
    219.3kB
    150
    157
  • 96.17.178.176:80
    8.7kB
    219.4kB
    154
    158
  • 96.17.178.176:80
    46 B
    40 B
    1
    1
  • 96.17.178.176:80
    http
    15.5kB
    455.8kB
    262
    328
  • 96.17.178.176:80
    23.8kB
    619.4kB
    392
    445
  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    humydrole.com
    dns
    59 B
    219 B
    1
    1

    DNS Request

    humydrole.com

    DNS Response


  • 8.8.8.8:53
    131.233.213.123.in-addr.arpa
    dns
    74 B
    133 B
    1
    1

    DNS Request

    131.233.213.123.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    216 B
    158 B
    3
    1

    DNS Request

    171.39.242.20.in-addr.arpa

    DNS Request

    171.39.242.20.in-addr.arpa

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    288 B
    158 B
    4
    1

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    211.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    211.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    42.134.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    42.134.221.88.in-addr.arpa

    18.134.221.88.in-addr.arpa
    dns
    144 B
    274 B
    2
    2

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3408-4-0x00000000028D0000-0x00000000028E6000-memory.dmp

    Filesize

    88KB

  • memory/3448-1-0x00000000008D0000-0x00000000009D0000-memory.dmp

    Filesize

    1024KB

  • memory/3448-2-0x00000000009D0000-0x00000000009DB000-memory.dmp

    Filesize

    44KB

  • memory/3448-3-0x0000000000400000-0x0000000000856000-memory.dmp

    Filesize

    4.3MB

  • memory/3448-5-0x0000000000400000-0x0000000000856000-memory.dmp

    Filesize

    4.3MB
