Analysis

  • max time kernel
    153s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/01/2024, 07:33 UTC

General

  • Target

    b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe

  • Size

    1.8MB

  • MD5

    34446803caeef0fddd97afd72ce1f7d3

  • SHA1

    b2a287c2b93389277c6167df74f85df6a4089f45

  • SHA256

    b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a

  • SHA512

    62407b80fe9373802079208bb7b93a92c87ee414b4f670121a04677ec4d4c7458abafcc85127da46fc318a96d75bbec574e413c26787527db5a639ae3bd044bb

  • SSDEEP

    49152:rx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAbaB0zj0yjoB2:rvbjVkjjCAzJ/B2Yyjl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

  • Drops file in System32 directory 20 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
    "C:\Users\Admin\AppData\Local\Temp\b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe"
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:980
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    • Executes dropped EXE
    PID:1120
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3800
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    PID:4636
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2000
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:5032
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      • Executes dropped EXE
      PID:4060
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2004
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:564
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      • Executes dropped EXE
      PID:1128
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      • Executes dropped EXE
      PID:2460
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      • Executes dropped EXE
      PID:624
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      • Executes dropped EXE
      PID:5104

    Network

    • flag-us
      DNS
      pywolwnvd.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      pywolwnvd.biz
      IN A
      Response
      pywolwnvd.biz
      IN A
      34.41.229.245
    • flag-us
      DNS
      pywolwnvd.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      pywolwnvd.biz
      IN A
      Response
      pywolwnvd.biz
      IN A
      34.41.229.245
    • flag-us
      POST
      http://pywolwnvd.biz/jekrqh
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.41.229.245:80
      Request
      POST /jekrqh HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: pywolwnvd.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:32 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=c43d16c74704d3a56c6085acb7f552f8|89.149.23.59|1706081612|1706081612|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      POST
      http://pywolwnvd.biz/qixfuexdu
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      34.41.229.245:80
      Request
      POST /qixfuexdu HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: pywolwnvd.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:29 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=6adb8b8d17e0054d6ca4eaf4144a6d73|89.149.23.59|1706081609|1706081609|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ssbzmoy.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      ssbzmoy.biz
      IN A
      Response
      ssbzmoy.biz
      IN A
      34.128.82.12
    • flag-id
      POST
      http://ssbzmoy.biz/tnxyioktw
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      34.128.82.12:80
      Request
      POST /tnxyioktw HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: ssbzmoy.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:30 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=dadf44e0b7ce688aac527bddc542ddbc|89.149.23.59|1706081610|1706081610|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      245.229.41.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      245.229.41.34.in-addr.arpa
      IN PTR
      Response
      245.229.41.34.in-addr.arpa
      IN PTR
      2452294134bcgoogleusercontentcom
    • flag-us
      DNS
      187.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      187.178.17.96.in-addr.arpa
      IN PTR
      Response
      187.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-187deploystaticakamaitechnologiescom
    • flag-us
      DNS
      12.82.128.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      12.82.128.34.in-addr.arpa
      IN PTR
      Response
      12.82.128.34.in-addr.arpa
      IN PTR
      128212834bcgoogleusercontentcom
    • flag-us
      DNS
      cvgrf.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      cvgrf.biz
      IN A
      Response
      cvgrf.biz
      IN A
      104.198.2.251
    • flag-us
      POST
      http://cvgrf.biz/q
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      104.198.2.251:80
      Request
      POST /q HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: cvgrf.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:31 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=e807f0ae9114eb277421f30e3f564ff6|89.149.23.59|1706081611|1706081611|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      npukfztj.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      npukfztj.biz
      IN A
      Response
      npukfztj.biz
      IN A
      34.174.61.199
    • flag-us
      POST
      http://npukfztj.biz/nglvvdk
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      34.174.61.199:80
      Request
      POST /nglvvdk HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: npukfztj.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:31 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=068186c7808b2190bdfec37ddb69bb24|89.149.23.59|1706081611|1706081611|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      251.2.198.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      251.2.198.104.in-addr.arpa
      IN PTR
      Response
      251.2.198.104.in-addr.arpa
      IN PTR
      2512198104bcgoogleusercontentcom
    • flag-us
      DNS
      przvgke.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      przvgke.biz
      IN A
      Response
      przvgke.biz
      IN A
      172.234.25.151
    • flag-us
      POST
      http://przvgke.biz/gvrdbmjmg
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      172.234.25.151:80
      Request
      POST /gvrdbmjmg HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: przvgke.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 302 Found
      content-length: 0
      location: http://ww12.przvgke.biz/gvrdbmjmg
      cache-control: no-cache
    • flag-us
      POST
      http://przvgke.biz/lblxpbvtjjnymv
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      172.234.25.151:80
      Request
      POST /lblxpbvtjjnymv HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: przvgke.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 934
      Response
      HTTP/1.1 302 Found
      content-length: 0
      location: http://ww12.przvgke.biz/lblxpbvtjjnymv
      cache-control: no-cache
    • flag-us
      DNS
      ww12.przvgke.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      ww12.przvgke.biz
      IN A
      Response
      ww12.przvgke.biz
      IN CNAME
      878223.parkingcrew.net
      878223.parkingcrew.net
      IN A
      76.223.26.96
      878223.parkingcrew.net
      IN A
      13.248.148.254
    • flag-us
      GET
      http://ww12.przvgke.biz/gvrdbmjmg
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      Remote address:
      76.223.26.96:80
      Request
      GET /gvrdbmjmg HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Host: ww12.przvgke.biz
      Response
      HTTP/1.1 200 OK
      Date: Wed, 24 Jan 2024 07:33:32 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Server: nginx
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      X-Buckets: bucket011
      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dBBLBtCioGf0SxgQ2wtfRAh1fzxDXBi2XFRTFWMe2CeItw56LJpYoBSpLqTBH4krHRl1VpgEQTVinWWrq3X5ag==
      X-Template: tpl_CleanPeppermintBlack_twoclick
      X-Language: english
      Accept-CH: viewport-width
      Accept-CH: dpr
      Accept-CH: device-memory
      Accept-CH: rtt
      Accept-CH: downlink
      Accept-CH: ect
      Accept-CH: ua
      Accept-CH: ua-full-version
      Accept-CH: ua-platform
      Accept-CH: ua-platform-version
      Accept-CH: ua-arch
      Accept-CH: ua-model
      Accept-CH: ua-mobile
      Accept-CH-Lifetime: 30
      X-Domain: przvgke.biz
      X-Subdomain: ww12
    • flag-us
      DNS
      199.61.174.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      199.61.174.34.in-addr.arpa
      IN PTR
      Response
      199.61.174.34.in-addr.arpa
      IN PTR
      1996117434bcgoogleusercontentcom
    • flag-us
      DNS
      151.25.234.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      151.25.234.172.in-addr.arpa
      IN PTR
      Response
      151.25.234.172.in-addr.arpa
      IN PTR
      stone02 parklogiccom
    • flag-us
      DNS
      96.26.223.76.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      96.26.223.76.in-addr.arpa
      IN PTR
      Response
      96.26.223.76.in-addr.arpa
      IN PTR
      aba1c1ff9d2ec5376awsglobalacceleratorcom
    • flag-us
      DNS
      ssbzmoy.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      ssbzmoy.biz
      IN A
      Response
      ssbzmoy.biz
      IN A
      34.128.82.12
    • flag-id
      POST
      http://ssbzmoy.biz/vxdwvjsmuvcf
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.128.82.12:80
      Request
      POST /vxdwvjsmuvcf HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: ssbzmoy.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:33 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=0f1a8eb054269ecdedef440bd1f34c23|89.149.23.59|1706081613|1706081613|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      cvgrf.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      cvgrf.biz
      IN A
      Response
      cvgrf.biz
      IN A
      104.198.2.251
    • flag-us
      POST
      http://cvgrf.biz/dinfjsfqs
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      104.198.2.251:80
      Request
      POST /dinfjsfqs HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: cvgrf.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:34 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=a8ad4f54ba33c5fdc9d7d4245d870e3e|89.149.23.59|1706081614|1706081614|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      npukfztj.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      npukfztj.biz
      IN A
      Response
      npukfztj.biz
      IN A
      34.174.61.199
    • flag-us
      POST
      http://npukfztj.biz/onljlkjrlnagjo
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.174.61.199:80
      Request
      POST /onljlkjrlnagjo HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: npukfztj.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:34 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=4f4862af103432c7ee5abc8d1c1771df|89.149.23.59|1706081614|1706081614|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      przvgke.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      przvgke.biz
      IN A
      Response
      przvgke.biz
      IN A
      172.234.25.151
    • flag-us
      POST
      http://przvgke.biz/klqmw
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      172.234.25.151:80
      Request
      POST /klqmw HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: przvgke.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 302 Found
      content-length: 0
      location: http://ww12.przvgke.biz/klqmw
      cache-control: no-cache
    • flag-us
      POST
      http://przvgke.biz/ouhpymys
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      172.234.25.151:80
      Request
      POST /ouhpymys HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: przvgke.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 302 Found
      content-length: 0
      location: http://ww12.przvgke.biz/ouhpymys
      cache-control: no-cache
    • flag-us
      GET
      http://ww12.przvgke.biz/klqmw
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      76.223.26.96:80
      Request
      GET /klqmw HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Host: ww12.przvgke.biz
      Response
      HTTP/1.1 200 OK
      Date: Wed, 24 Jan 2024 07:33:35 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Server: nginx
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      X-Buckets: bucket011
      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FLs4EGBTFhIPvx0ROEBUG64h383bWfVsaEAjrj0lh7igNbs9zeMCadZPogBHEMf6bKFoHvWtMA6un2ME+BEcGA==
      X-Template: tpl_CleanPeppermintBlack_twoclick
      X-Language: english
      Accept-CH: viewport-width
      Accept-CH: dpr
      Accept-CH: device-memory
      Accept-CH: rtt
      Accept-CH: downlink
      Accept-CH: ect
      Accept-CH: ua
      Accept-CH: ua-full-version
      Accept-CH: ua-platform
      Accept-CH: ua-platform-version
      Accept-CH: ua-arch
      Accept-CH: ua-model
      Accept-CH: ua-mobile
      Accept-CH-Lifetime: 30
      X-Domain: przvgke.biz
      X-Subdomain: ww12
    • flag-us
      GET
      http://ww12.przvgke.biz/ouhpymys
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      76.223.26.96:80
      Request
      GET /ouhpymys HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Host: ww12.przvgke.biz
      Response
      HTTP/1.1 200 OK
      Date: Wed, 24 Jan 2024 07:33:35 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Server: nginx
      Vary: Accept-Encoding
      Vary: Accept-Encoding
      X-Buckets: bucket011
      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_HcXSBPnOSMOCKXB0v82h5PL77V1v03eJnZZ977fvpP7P3Y/8yPNMs4XI5GtRybpdxjjd8UYx/vOq2t7KRM4SJg==
      X-Template: tpl_CleanPeppermintBlack_twoclick
      X-Language: english
      Accept-CH: viewport-width
      Accept-CH: dpr
      Accept-CH: device-memory
      Accept-CH: rtt
      Accept-CH: downlink
      Accept-CH: ect
      Accept-CH: ua
      Accept-CH: ua-full-version
      Accept-CH: ua-platform
      Accept-CH: ua-platform-version
      Accept-CH: ua-arch
      Accept-CH: ua-model
      Accept-CH: ua-mobile
      Accept-CH-Lifetime: 30
      X-Domain: przvgke.biz
      X-Subdomain: ww12
    • flag-us
      DNS
      zlenh.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      zlenh.biz
      IN A
      Response
    • flag-us
      DNS
      knjghuig.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      knjghuig.biz
      IN A
      Response
      knjghuig.biz
      IN A
      34.128.82.12
    • flag-id
      POST
      http://knjghuig.biz/d
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.128.82.12:80
      Request
      POST /d HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: knjghuig.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:33:36 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=d932f4bd18f8ccf8efe7ffd8e274667d|89.149.23.59|1706081616|1706081616|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      uhxqin.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      uhxqin.biz
      IN A
      Response
    • flag-us
      DNS
      anpmnmxo.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      anpmnmxo.biz
      IN A
      Response
    • flag-us
      DNS
      lpuegx.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      lpuegx.biz
      IN A
      Response
      lpuegx.biz
      IN A
      82.112.184.197
    • flag-us
      DNS
      20.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      20.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      vjaxhpbji.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      vjaxhpbji.biz
      IN A
      Response
      vjaxhpbji.biz
      IN A
      82.112.184.197
    • flag-us
      DNS
      114.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      114.110.16.96.in-addr.arpa
      IN PTR
      Response
      114.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-114deploystaticakamaitechnologiescom
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      31.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      xlfhhhm.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      xlfhhhm.biz
      IN A
      Response
      xlfhhhm.biz
      IN A
      34.29.71.138
    • flag-us
      DNS
      xlfhhhm.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      xlfhhhm.biz
      IN A
      Response
      xlfhhhm.biz
      IN A
      34.29.71.138
    • flag-us
      POST
      http://xlfhhhm.biz/kajef
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.29.71.138:80
      Request
      POST /kajef HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: xlfhhhm.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:01 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=9b8072f3961828559ec556637ddc0740|89.149.23.59|1706081701|1706081701|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      ifsaia.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      ifsaia.biz
      IN A
      Response
      ifsaia.biz
      IN A
      34.143.166.163
    • flag-us
      DNS
      ifsaia.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      ifsaia.biz
      IN A
      Response
      ifsaia.biz
      IN A
      34.143.166.163
    • flag-sg
      POST
      http://ifsaia.biz/hxjmvxwlvdd
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.143.166.163:80
      Request
      POST /hxjmvxwlvdd HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: ifsaia.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:02 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=ce5b2ba038f66f5201075923d56f6610|89.149.23.59|1706081702|1706081702|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      138.71.29.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.71.29.34.in-addr.arpa
      IN PTR
      Response
      138.71.29.34.in-addr.arpa
      IN PTR
      138.71.29.34.bc.googleusercontent.com
    • flag-us
      DNS
      138.71.29.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.71.29.34.in-addr.arpa
      IN PTR
      Response
      138.71.29.34.in-addr.arpa
      IN PTR
      138.71.29.34.bc.googleusercontent.com
    • flag-us
      DNS
      saytjshyf.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      saytjshyf.biz
      IN A
      Response
      saytjshyf.biz
      IN A
      34.67.9.172
    • flag-us
      DNS
      saytjshyf.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      saytjshyf.biz
      IN A
      Response
      saytjshyf.biz
      IN A
      34.67.9.172
    • flag-us
      POST
      http://saytjshyf.biz/vmjp
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.67.9.172:80
      Request
      POST /vmjp HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: saytjshyf.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:02 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=a3aece05fb48251ac6a422b074888ef3|89.149.23.59|1706081702|1706081702|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      vcddkls.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      vcddkls.biz
      IN A
      Response
      vcddkls.biz
      IN A
      34.128.82.12
    • flag-us
      DNS
      vcddkls.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      vcddkls.biz
      IN A
      Response
      vcddkls.biz
      IN A
      34.128.82.12
    • flag-id
      POST
      http://vcddkls.biz/frajstrljwpy
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.128.82.12:80
      Request
      POST /frajstrljwpy HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: vcddkls.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:03 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=18c519f7382a70f9fc4aae62e45b7e0b|89.149.23.59|1706081703|1706081703|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      163.166.143.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      163.166.143.34.in-addr.arpa
      IN PTR
      Response
      163.166.143.34.in-addr.arpa
      IN PTR
      163.166.143.34.bc.googleusercontent.com
    • flag-us
      DNS
      163.166.143.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      163.166.143.34.in-addr.arpa
      IN PTR
      Response
      163.166.143.34.in-addr.arpa
      IN PTR
      163.166.143.34.bc.googleusercontent.com
    • flag-us
      DNS
      172.9.67.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.9.67.34.in-addr.arpa
      IN PTR
      Response
      172.9.67.34.in-addr.arpa
      IN PTR
      172.9.67.34.bc.googleusercontent.com
    • flag-us
      DNS
      172.9.67.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.9.67.34.in-addr.arpa
      IN PTR
      Response
      172.9.67.34.in-addr.arpa
      IN PTR
      172.9.67.34.bc.googleusercontent.com
    • flag-us
      DNS
      fwiwk.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      fwiwk.biz
      IN A
      Response
      fwiwk.biz
      IN A
      67.225.218.6
    • flag-us
      DNS
      fwiwk.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      fwiwk.biz
      IN A
      Response
      fwiwk.biz
      IN A
      67.225.218.6
    • flag-us
      POST
      http://fwiwk.biz/lqqgxixatgtncfmc
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      67.225.218.6:80
      Request
      POST /lqqgxixatgtncfmc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: fwiwk.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
    • flag-us
      POST
      http://fwiwk.biz/vbeni
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      67.225.218.6:80
      Request
      POST /vbeni HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: fwiwk.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
    • flag-us
      DNS
      tbjrpv.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      tbjrpv.biz
      IN A
      Response
      tbjrpv.biz
      IN A
      34.91.32.224
    • flag-us
      DNS
      tbjrpv.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      tbjrpv.biz
      IN A
      Response
      tbjrpv.biz
      IN A
      34.91.32.224
    • flag-nl
      POST
      http://tbjrpv.biz/ivqopc
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.91.32.224:80
      Request
      POST /ivqopc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: tbjrpv.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:04 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=d7fa5680a81e19f9214ba0bbbea5aed8|89.149.23.59|1706081704|1706081704|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      deoci.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      deoci.biz
      IN A
      Response
      deoci.biz
      IN A
      34.174.78.212
    • flag-us
      POST
      http://deoci.biz/kvtwjctltflmkpp
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.174.78.212:80
      Request
      POST /kvtwjctltflmkpp HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: deoci.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:05 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=8082b571d317a3af7de0df9ec025b80e|89.149.23.59|1706081705|1706081705|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      gytujflc.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      gytujflc.biz
      IN A
      Response
    • flag-us
      DNS
      qaynky.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      qaynky.biz
      IN A
      Response
      qaynky.biz
      IN A
      34.143.166.163
    • flag-us
      DNS
      qaynky.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      qaynky.biz
      IN A
      Response
      qaynky.biz
      IN A
      34.143.166.163
    • flag-sg
      POST
      http://qaynky.biz/tvrdexmcwqsoe
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.143.166.163:80
      Request
      POST /tvrdexmcwqsoe HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: qaynky.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:05 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=2e99bdfe9adb568ebf3b1f65b84eca4c|89.149.23.59|1706081705|1706081705|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      224.32.91.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      224.32.91.34.in-addr.arpa
      IN PTR
      Response
      224.32.91.34.in-addr.arpa
      IN PTR
      224.32.91.34.bc.googleusercontent.com
    • flag-us
      DNS
      224.32.91.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      224.32.91.34.in-addr.arpa
      IN PTR
      Response
      224.32.91.34.in-addr.arpa
      IN PTR
      224.32.91.34.bc.googleusercontent.com
    • flag-us
      DNS
      6.218.225.67.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      6.218.225.67.in-addr.arpa
      IN PTR
      Response
      6.218.225.67.in-addr.arpa
      IN PTR
      lb06.parklogic.com
    • flag-us
      DNS
      212.78.174.34.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.78.174.34.in-addr.arpa
      IN PTR
      Response
      212.78.174.34.in-addr.arpa
      IN PTR
      212.78.174.34.bc.googleusercontent.com
    • flag-us
      DNS
      bumxkqgxu.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      bumxkqgxu.biz
      IN A
      Response
      bumxkqgxu.biz
      IN A
      34.174.61.199
    • flag-us
      DNS
      bumxkqgxu.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      bumxkqgxu.biz
      IN A
      Response
      bumxkqgxu.biz
      IN A
      34.174.61.199
    • flag-us
      POST
      http://bumxkqgxu.biz/eskjjgithko
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.174.61.199:80
      Request
      POST /eskjjgithko HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: bumxkqgxu.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 24 Jan 2024 07:35:06 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: btst=c3868307facc01585e944ab13f57d9a4|89.149.23.59|1706081706|1706081706|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
      Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    • flag-us
      DNS
      dwrqljrr.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      dwrqljrr.biz
      IN A
      Response
      dwrqljrr.biz
      IN A
      34.41.229.245
    • flag-us
      DNS
      dwrqljrr.biz
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      8.8.8.8:53
      Request
      dwrqljrr.biz
      IN A
      Response
      dwrqljrr.biz
      IN A
      34.41.229.245
    • flag-us
      POST
      http://dwrqljrr.biz/okg
      DiagnosticsHub.StandardCollector.Service.exe
      Remote address:
      34.41.229.245:80
      Request
      POST /okg HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Host: dwrqljrr.biz
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
      Content-Length: 872
    • flag-us
      DNS
      67.112.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.112.168.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.112.168.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.112.168.52.in-addr.arpa
      IN PTR
      Response
    • 34.41.229.245:80
      http://pywolwnvd.biz/jekrqh
      http
      DiagnosticsHub.StandardCollector.Service.exe
      2.9kB
      677 B
      9
      6

      HTTP Request

      POST http://pywolwnvd.biz/jekrqh

      HTTP Response

      200
    • 34.41.229.245:80
      http://pywolwnvd.biz/qixfuexdu
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      1.6kB
      657 B
      8
      6

      HTTP Request

      POST http://pywolwnvd.biz/qixfuexdu

      HTTP Response

      200
    • 34.128.82.12:80
      http://ssbzmoy.biz/tnxyioktw
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      1.6kB
      655 B
      6
      6

      HTTP Request

      POST http://ssbzmoy.biz/tnxyioktw

      HTTP Response

      200
    • 104.198.2.251:80
      http://cvgrf.biz/q
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      1.5kB
      653 B
      6
      6

      HTTP Request

      POST http://cvgrf.biz/q

      HTTP Response

      200
    • 34.174.61.199:80
      http://npukfztj.biz/nglvvdk
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      1.6kB
      656 B
      6
      6

      HTTP Request

      POST http://npukfztj.biz/nglvvdk

      HTTP Response

      200
    • 172.234.25.151:80
      http://przvgke.biz/lblxpbvtjjnymv
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      3.0kB
      479 B
      9
      6

      HTTP Request

      POST http://przvgke.biz/gvrdbmjmg

      HTTP Response

      302

      HTTP Request

      POST http://przvgke.biz/lblxpbvtjjnymv

      HTTP Response

      302
    • 76.223.26.96:80
      http://ww12.przvgke.biz/gvrdbmjmg
      http
      b0d1f5ebfbec8ca0c74920c77f44183e69d98ead60b312033ea9f8846cd6621a.exe
      945 B
      16.4kB
      13
      17

      HTTP Request

      GET http://ww12.przvgke.biz/gvrdbmjmg

      HTTP Response

      200
    • 34.128.82.12:80
      http://ssbzmoy.biz/vxdwvjsmuvcf
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      655 B
      6
      6

      HTTP Request

      POST http://ssbzmoy.biz/vxdwvjsmuvcf

      HTTP Response

      200
    • 104.198.2.251:80
      http://cvgrf.biz/dinfjsfqs
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      653 B
      6
      6

      HTTP Request

      POST http://cvgrf.biz/dinfjsfqs

      HTTP Response

      200
    • 34.174.61.199:80
      http://npukfztj.biz/onljlkjrlnagjo
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      656 B
      6
      6

      HTTP Request

      POST http://npukfztj.biz/onljlkjrlnagjo

      HTTP Response

      200
    • 172.234.25.151:80
      http://przvgke.biz/ouhpymys
      http
      DiagnosticsHub.StandardCollector.Service.exe
      2.9kB
      509 B
      10
      7

      HTTP Request

      POST http://przvgke.biz/klqmw

      HTTP Response

      302

      HTTP Request

      POST http://przvgke.biz/ouhpymys

      HTTP Response

      302
    • 76.223.26.96:80
      http://ww12.przvgke.biz/ouhpymys
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.8kB
      32.4kB
      24
      37

      HTTP Request

      GET http://ww12.przvgke.biz/klqmw

      HTTP Response

      200

      HTTP Request

      GET http://ww12.przvgke.biz/ouhpymys

      HTTP Response

      200
    • 34.128.82.12:80
      http://knjghuig.biz/d
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      656 B
      6
      6

      HTTP Request

      POST http://knjghuig.biz/d

      HTTP Response

      200
    • 82.112.184.197:80
      lpuegx.biz
      DiagnosticsHub.StandardCollector.Service.exe
      260 B
      5
    • 52.142.223.178:80
      260 B
      5
    • 82.112.184.197:80
      lpuegx.biz
      DiagnosticsHub.StandardCollector.Service.exe
      260 B
      5
    • 82.112.184.197:80
      vjaxhpbji.biz
      DiagnosticsHub.StandardCollector.Service.exe
      260 B
      5
    • 82.112.184.197:80
      vjaxhpbji.biz
      DiagnosticsHub.StandardCollector.Service.exe
      260 B
      5
    • 34.29.71.138:80
      http://xlfhhhm.biz/kajef
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      655 B
      6
      6

      HTTP Request

      POST http://xlfhhhm.biz/kajef

      HTTP Response

      200
    • 34.143.166.163:80
      http://ifsaia.biz/hxjmvxwlvdd
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      654 B
      6
      6

      HTTP Request

      POST http://ifsaia.biz/hxjmvxwlvdd

      HTTP Response

      200
    • 34.67.9.172:80
      http://saytjshyf.biz/vmjp
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      657 B
      6
      6

      HTTP Request

      POST http://saytjshyf.biz/vmjp

      HTTP Response

      200
    • 34.128.82.12:80
      http://vcddkls.biz/frajstrljwpy
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      655 B
      6
      6

      HTTP Request

      POST http://vcddkls.biz/frajstrljwpy

      HTTP Response

      200
    • 67.225.218.6:80
      http://fwiwk.biz/lqqgxixatgtncfmc
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      252 B
      6
      6

      HTTP Request

      POST http://fwiwk.biz/lqqgxixatgtncfmc
    • 67.225.218.6:80
      http://fwiwk.biz/vbeni
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      252 B
      6
      6

      HTTP Request

      POST http://fwiwk.biz/vbeni
    • 34.91.32.224:80
      http://tbjrpv.biz/ivqopc
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      654 B
      6
      6

      HTTP Request

      POST http://tbjrpv.biz/ivqopc

      HTTP Response

      200
    • 34.174.78.212:80
      http://deoci.biz/kvtwjctltflmkpp
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      653 B
      6
      6

      HTTP Request

      POST http://deoci.biz/kvtwjctltflmkpp

      HTTP Response

      200
    • 34.143.166.163:80
      http://qaynky.biz/tvrdexmcwqsoe
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      654 B
      6
      6

      HTTP Request

      POST http://qaynky.biz/tvrdexmcwqsoe

      HTTP Response

      200
    • 34.174.61.199:80
      http://bumxkqgxu.biz/eskjjgithko
      http
      DiagnosticsHub.StandardCollector.Service.exe
      1.5kB
      665 B
      6
      6

      HTTP Request

      POST http://bumxkqgxu.biz/eskjjgithko

      HTTP Response

      200
    • 34.41.229.245:80
      dwrqljrr.biz
      DiagnosticsHub.StandardCollector.Service.exe
      260 B
      5
    • 34.41.229.245:80
      http://dwrqljrr.biz/okg
      http
      DiagnosticsHub.StandardCollector.Service.exe
      4.1kB
      44 B
      9
      1

      HTTP Request

      POST http://dwrqljrr.biz/okg
    • 8.8.8.8:53
      pywolwnvd.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      59 B
      75 B
      1
      1

      DNS Request

      pywolwnvd.biz

      DNS Response

      34.41.229.245

    • 8.8.8.8:53
      pywolwnvd.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      59 B
      75 B
      1
      1

      DNS Request

      pywolwnvd.biz

      DNS Response

      34.41.229.245

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      ssbzmoy.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      57 B
      73 B
      1
      1

      DNS Request

      ssbzmoy.biz

      DNS Response

      34.128.82.12

    • 8.8.8.8:53
      245.229.41.34.in-addr.arpa
      dns
      72 B
      124 B
      1
      1

      DNS Request

      245.229.41.34.in-addr.arpa

    • 8.8.8.8:53
      187.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      187.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      12.82.128.34.in-addr.arpa
      dns
      71 B
      122 B
      1
      1

      DNS Request

      12.82.128.34.in-addr.arpa

    • 8.8.8.8:53
      cvgrf.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      55 B
      71 B
      1
      1

      DNS Request

      cvgrf.biz

      DNS Response

      104.198.2.251

    • 8.8.8.8:53
      npukfztj.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      58 B
      74 B
      1
      1

      DNS Request

      npukfztj.biz

      DNS Response

      34.174.61.199

    • 8.8.8.8:53
      251.2.198.104.in-addr.arpa
      dns
      72 B
      124 B
      1
      1

      DNS Request

      251.2.198.104.in-addr.arpa

    • 8.8.8.8:53
      przvgke.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      57 B
      73 B
      1
      1

      DNS Request

      przvgke.biz

      DNS Response

      172.234.25.151

    • 8.8.8.8:53
      ww12.przvgke.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      62 B
      130 B
      1
      1

      DNS Request

      ww12.przvgke.biz

      DNS Response

      76.223.26.96
      13.248.148.254

    • 8.8.8.8:53
      199.61.174.34.in-addr.arpa
      dns
      72 B
      124 B
      1
      1

      DNS Request

      199.61.174.34.in-addr.arpa

    • 8.8.8.8:53
      151.25.234.172.in-addr.arpa
      dns
      73 B
      108 B
      1
      1

      DNS Request

      151.25.234.172.in-addr.arpa

    • 8.8.8.8:53
      96.26.223.76.in-addr.arpa
      dns
      71 B
      127 B
      1
      1

      DNS Request

      96.26.223.76.in-addr.arpa

    • 8.8.8.8:53
      ssbzmoy.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      57 B
      73 B
      1
      1

      DNS Request

      ssbzmoy.biz

      DNS Response

      34.128.82.12

    • 8.8.8.8:53
      cvgrf.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      55 B
      71 B
      1
      1

      DNS Request

      cvgrf.biz

      DNS Response

      104.198.2.251

    • 8.8.8.8:53
      npukfztj.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      58 B
      74 B
      1
      1

      DNS Request

      npukfztj.biz

      DNS Response

      34.174.61.199

    • 8.8.8.8:53
      przvgke.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      57 B
      73 B
      1
      1

      DNS Request

      przvgke.biz

      DNS Response

      172.234.25.151

    • 8.8.8.8:53
      zlenh.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      55 B
      117 B
      1
      1

      DNS Request

      zlenh.biz

    • 8.8.8.8:53
      knjghuig.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      58 B
      74 B
      1
      1

      DNS Request

      knjghuig.biz

      DNS Response

      34.128.82.12

    • 8.8.8.8:53
      uhxqin.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      56 B
      118 B
      1
      1

      DNS Request

      uhxqin.biz

    • 8.8.8.8:53
      anpmnmxo.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      58 B
      120 B
      1
      1

      DNS Request

      anpmnmxo.biz

    • 8.8.8.8:53
      lpuegx.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      56 B
      72 B
      1
      1

      DNS Request

      lpuegx.biz

      DNS Response

      82.112.184.197

    • 8.8.8.8:53
      20.160.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      20.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      vjaxhpbji.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      59 B
      75 B
      1
      1

      DNS Request

      vjaxhpbji.biz

      DNS Response

      82.112.184.197

    • 8.8.8.8:53
      114.110.16.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      114.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      31.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      31.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      xlfhhhm.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      114 B
      146 B
      2
      2

      DNS Request

      xlfhhhm.biz

      DNS Request

      xlfhhhm.biz

      DNS Response

      34.29.71.138

      DNS Response

      34.29.71.138

    • 8.8.8.8:53
      ifsaia.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      112 B
      144 B
      2
      2

      DNS Request

      ifsaia.biz

      DNS Request

      ifsaia.biz

      DNS Response

      34.143.166.163

      DNS Response

      34.143.166.163

    • 8.8.8.8:53
      138.71.29.34.in-addr.arpa
      dns
      142 B
      244 B
      2
      2

      DNS Request

      138.71.29.34.in-addr.arpa

      DNS Request

      138.71.29.34.in-addr.arpa

    • 8.8.8.8:53
      saytjshyf.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      118 B
      150 B
      2
      2

      DNS Request

      saytjshyf.biz

      DNS Request

      saytjshyf.biz

      DNS Response

      34.67.9.172

      DNS Response

      34.67.9.172

    • 8.8.8.8:53
      vcddkls.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      114 B
      146 B
      2
      2

      DNS Request

      vcddkls.biz

      DNS Request

      vcddkls.biz

      DNS Response

      34.128.82.12

      DNS Response

      34.128.82.12

    • 8.8.8.8:53
      163.166.143.34.in-addr.arpa
      dns
      146 B
      252 B
      2
      2

      DNS Request

      163.166.143.34.in-addr.arpa

      DNS Request

      163.166.143.34.in-addr.arpa

    • 8.8.8.8:53
      172.9.67.34.in-addr.arpa
      dns
      140 B
      240 B
      2
      2

      DNS Request

      172.9.67.34.in-addr.arpa

      DNS Request

      172.9.67.34.in-addr.arpa

    • 8.8.8.8:53
      fwiwk.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      110 B
      142 B
      2
      2

      DNS Request

      fwiwk.biz

      DNS Request

      fwiwk.biz

      DNS Response

      67.225.218.6

      DNS Response

      67.225.218.6

    • 8.8.8.8:53
      tbjrpv.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      112 B
      144 B
      2
      2

      DNS Request

      tbjrpv.biz

      DNS Request

      tbjrpv.biz

      DNS Response

      34.91.32.224

      DNS Response

      34.91.32.224

    • 8.8.8.8:53
      deoci.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      55 B
      71 B
      1
      1

      DNS Request

      deoci.biz

      DNS Response

      34.174.78.212

    • 8.8.8.8:53
      gytujflc.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      58 B
      120 B
      1
      1

      DNS Request

      gytujflc.biz

    • 8.8.8.8:53
      qaynky.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      112 B
      144 B
      2
      2

      DNS Request

      qaynky.biz

      DNS Request

      qaynky.biz

      DNS Response

      34.143.166.163

      DNS Response

      34.143.166.163

    • 8.8.8.8:53
      224.32.91.34.in-addr.arpa
      dns
      142 B
      244 B
      2
      2

      DNS Request

      224.32.91.34.in-addr.arpa

      DNS Request

      224.32.91.34.in-addr.arpa

    • 8.8.8.8:53
      6.218.225.67.in-addr.arpa
      dns
      71 B
      103 B
      1
      1

      DNS Request

      6.218.225.67.in-addr.arpa

    • 8.8.8.8:53
      212.78.174.34.in-addr.arpa
      dns
      72 B
      124 B
      1
      1

      DNS Request

      212.78.174.34.in-addr.arpa

    • 8.8.8.8:53
      bumxkqgxu.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      118 B
      150 B
      2
      2

      DNS Request

      bumxkqgxu.biz

      DNS Request

      bumxkqgxu.biz

      DNS Response

      34.174.61.199

      DNS Response

      34.174.61.199

    • 8.8.8.8:53
      dwrqljrr.biz
      dns
      DiagnosticsHub.StandardCollector.Service.exe
      116 B
      148 B
      2
      2

      DNS Request

      dwrqljrr.biz

      DNS Request

      dwrqljrr.biz

      DNS Response

      34.41.229.245

      DNS Response

      34.41.229.245

    • 8.8.8.8:53
      67.112.168.52.in-addr.arpa
      dns
      144 B
      292 B
      2
      2

      DNS Request

      67.112.168.52.in-addr.arpa

      DNS Request

      67.112.168.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize: 2.1MB
      MD5: 89e7b2f6f79c37cf115446df04d281ad
      SHA1: 2f4f00021d6a0337e30a4e4a8cbfc3d300d61316
      SHA256: b3782eb900b745e4eacbf5006e0a84577e0a69a951c68f54abd6694de06f221e
      SHA512: d088ddcabe38ae041c7f27513993a16f5c5d6d473646a309d3de7be943df4e3ecb5f4b1a1205d376acd9943c4bde0b8171164676ecf2073ccc598a40d1d8d43e

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize: 1.4MB
      MD5: acd3078caf1d18ea2ceb17187f2c946e
      SHA1: 7fc8796e16b54feaa518407f71044395bfa76d43
      SHA256: f090f181452238450a1ab4e4d82323cb84cf561ed180260e02d2d0051c9913a3
      SHA512: 2559edd344b91389cf11eef6a9a8b6a88a61391c898ef671f8e82b127b120a8efd6653d1bd5c91e03bcefd1b576e2b2991528b6e7555c0a00b6726f6f899ec65

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize: 1.4MB
      MD5: 15ea627d80745851746dfa0895b73756
      SHA1: a8e50d8c345048f966c06dbff00427d5c2975fda
      SHA256: 981f5754fe86b8378a79833bdf79ae4be84a48dc04829d1722a5fd351ec9310f
      SHA512: b01831294e6c10bfdbb38d48b447ec84d9f131bf3e0040eae3b3cd489e172c5ab8edd67a543da239b30a7361f859b9ed2f54ac3502f4dd4dfd24a7433898e11e

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize: 2.1MB
      MD5: 33065149e905c45ff5c29859d5c21ac1
      SHA1: de8134c392a6ba8c66ef6c9cbf6061187a81d9f2
      SHA256: cf3d3ad2bd3b0640fe1341e9a37d2d25a0b219e7673ed85fb7cbd8004cf7ce69
      SHA512: 2291691f8f317c970625dd06b4bb269e1399d7f4b5add6d69b2bb5a79c671f54090ca607a9e292137c5f72dcfed107887953d2b06861907e43dbdd4b577c1dbe

    • C:\Windows\SysWOW64\perfhost.exe
      Filesize: 1.2MB
      MD5: ecfc4091d611d417daf4ef723563c808
      SHA1: 75be7b344a5ad79fe898389655f55feadfad5479
      SHA256: 79d8d8455e14ba620b70be052489cddbbaf1b507ce37690e1eb481b0b73c66b5
      SHA512: 4a978178b8fc10c1638a5b68c4e0730d08188bc52ffe71e4edf043775e5b2352b64f5e9f7a41f1490a74631e041b68de122f09c16eb4df3859aa9f9e9c7fb37b

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize: 1.3MB
      MD5: 869b485b0f905d276a85e07d7e421b49
      SHA1: a14a79c9285fcac42240c84d899aaa18882ad801
      SHA256: 9082b4ae4663941c92035af164a7227f2a0d8301c6107897fd1a6af850edaab5
      SHA512: 3977ee756556b94b831d1779a2491254cb7c6844e0775ef806c02579006db0d65431e5d4c91180c55d0b267e4658da2d1d21f25c7ad5bb18cc3c9ba584607655

    • C:\Windows\System32\FXSSVC.exe
      Filesize: 1.2MB
      MD5: c31ca6016d2b730128c274aa93af87d5
      SHA1: 8d7c61b59510f3509a3b96c58f00a9dea98943a0
      SHA256: 5063b1e6520cdd57d79044c34e711429070ec315e350f0e0a8c3a539c8214237
      SHA512: 647e4b85c0930660c1187ab4a4f76b3642629b77361450dc3eeedb21d53c6a3ec8a831e5b38a32a930c3957389bd5d8dfe77ec8fb6262b9e5815f421998570ee

    • C:\Windows\System32\Locator.exe
      Filesize: 735KB
      MD5: 57aeec6b3fbcddce00c3239ae53a0d69
      SHA1: aa08ace881f14926f53f3f1608bb6266aaafe5ba
      SHA256: 9800e18beb3c599ae7345e156850084ba68c48614966ef9b495bee31195e1691
      SHA512: 657313b9bdf31dde8a0752bff1bdefd22785be3bf8a8b68fac948e0b8d1848c6fb9848ead5f59b087190ba118a898a83774c6a7d8dc0b6f9fd128a925fa3e124

    • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
      Filesize: 384KB
      MD5: ab5fa4d07347a8f7fc92b13f430852e5
      SHA1: 3575dbd79a168964ffc4b2e4df68762ede1f0351
      SHA256: 96091a56cd80bc6dadcbda44c14e4bb0fc738256b2f425965ce57559bac9eaa2
      SHA512: 0b0392c44ce86c78f3844beb4dd3423f4ee7d3bc419b0f4a9f14936fd2d2fccab2bf948360998c2c417b9d4544a3868ff4d1e05fb23c3bca9393d4676bdc3296

    • C:\Windows\System32\alg.exe
      Filesize: 1.3MB
      MD5: 2c00af46a16420036e311ba467c9aad1
      SHA1: 202b5d7ffb2a079ee05b46f74287c48ef9e81919
      SHA256: 9965605903444887208614cf13257ed2e92eb0ba23a32495977c12175e5c0f34
      SHA512: bc7b93b2fea849edb1f36a54cff74c6aa49c1b5344274eeaeb5aa9457987b65dc71eaaeada7f96067848e62208082652d50762853afac7284709b8ca7aebb912

    • C:\Windows\System32\msdtc.exe
      Filesize: 512KB
      MD5: f96d65a22b8ee84c483697768572f2ac
      SHA1: 3f5e36bd2c0e09b84e3d5a50678027033ccbd6ba
      SHA256: 96ded6d5b9164056579a179fa92293c3fe31c00b1dd53eeb567c7448541192e2
      SHA512: e5e060387dc674e3757b1a6b145e2ee3b99c38d815923a5f130d8367b9c8e53d2287e5a79727437ecae01e98e9d972f9c67dc3887528d8c5fb3aa5e3a591e961

    • C:\Windows\system32\AppVClient.exe
      Filesize: 1.3MB
      MD5: 132485b113de28c4c93ad6f4cdb163e1
      SHA1: 59d3e57357128b3c413c7141312715b3adf278a0
      SHA256: 56c5363181ab6aaf8f58d9d0a483e5bf6ce554b67159a850d722f69c4c48e306
      SHA512: 24d54915870483567161e630e410e553feee831784a2194a73817473c3ee714d3e495c0d07039853a4a4113ff21a3916c51d8270573492f1740b6a164ac676e9

    • C:\Windows\system32\msiexec.exe
      Filesize: 1.2MB
      MD5: a451b95852e848167750cb774141e673
      SHA1: 3bf41337dc389efa89a01f3f3b6e3719e8cb0186
      SHA256: 0e5ef9798bc872a633dcf24431d9ff854fe59ca3123d6e6f53a2baf90aae3e4e
      SHA512: 5ec0d2d7274531a50a0f675f20c6e3b2058ede02f04d5a3559e5bdd9e5678767b28a61f56702261cd0929028430ca3577ff5aedc36e9e0573cadbee762f0260d

    • memory/564-140-0x0000000140000000-0x000000014015A000-memory.dmp (Filesize: 1.4MB)
    • memory/564-366-0x0000000140000000-0x000000014015A000-memory.dmp (Filesize: 1.4MB)
    • memory/624-416-0x0000000000400000-0x0000000000538000-memory.dmp (Filesize: 1.2MB)
    • memory/624-417-0x0000000000820000-0x0000000000887000-memory.dmp (Filesize: 412KB)
    • memory/980-120-0x0000000000400000-0x00000000005D4000-memory.dmp (Filesize: 1.8MB)
    • memory/980-242-0x0000000000400000-0x00000000005D4000-memory.dmp (Filesize: 1.8MB)
    • memory/980-0-0x0000000000400000-0x00000000005D4000-memory.dmp (Filesize: 1.8MB)
    • memory/980-7-0x0000000000740000-0x00000000007A7000-memory.dmp (Filesize: 412KB)
    • memory/980-6-0x0000000000740000-0x00000000007A7000-memory.dmp (Filesize: 412KB)
    • memory/980-1-0x0000000000740000-0x00000000007A7000-memory.dmp (Filesize: 412KB)
    • memory/1120-139-0x0000000140000000-0x000000014014B000-memory.dmp (Filesize: 1.3MB)
    • memory/1120-12-0x0000000140000000-0x000000014014B000-memory.dmp (Filesize: 1.3MB)
    • memory/1128-367-0x0000000140000000-0x0000000140170000-memory.dmp (Filesize: 1.4MB)
    • memory/1128-155-0x00000000004F0000-0x0000000000550000-memory.dmp (Filesize: 384KB)
    • memory/1128-147-0x0000000140000000-0x0000000140170000-memory.dmp (Filesize: 1.4MB)
    • memory/1128-145-0x00000000004F0000-0x0000000000550000-memory.dmp (Filesize: 384KB)
    • memory/2000-98-0x0000000140000000-0x0000000140135000-memory.dmp (Filesize: 1.2MB)
    • memory/2000-96-0x0000000140000000-0x0000000140135000-memory.dmp (Filesize: 1.2MB)
    • memory/2004-137-0x0000000140000000-0x000000014016B000-memory.dmp (Filesize: 1.4MB)
    • memory/2004-134-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize: 384KB)
    • memory/2004-131-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize: 384KB)
    • memory/2004-124-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize: 384KB)
    • memory/2004-125-0x0000000140000000-0x000000014016B000-memory.dmp (Filesize: 1.4MB)
    • memory/2460-370-0x0000000140000000-0x000000014014C000-memory.dmp (Filesize: 1.3MB)
    • memory/2460-230-0x0000000140000000-0x000000014014C000-memory.dmp (Filesize: 1.3MB)
    • memory/2460-232-0x0000000000BC0000-0x0000000000C20000-memory.dmp (Filesize: 384KB)
    • memory/2460-244-0x0000000000BC0000-0x0000000000C20000-memory.dmp (Filesize: 384KB)
    • memory/3800-53-0x0000000000680000-0x00000000006E0000-memory.dmp (Filesize: 384KB)
    • memory/3800-91-0x0000000000680000-0x00000000006E0000-memory.dmp (Filesize: 384KB)
    • memory/3800-52-0x0000000140000000-0x000000014014A000-memory.dmp (Filesize: 1.3MB)
    • memory/3800-144-0x0000000140000000-0x000000014014A000-memory.dmp (Filesize: 1.3MB)
    • memory/4060-113-0x0000000140000000-0x000000014022B000-memory.dmp (Filesize: 2.2MB)
    • memory/4060-340-0x0000000140000000-0x000000014022B000-memory.dmp (Filesize: 2.2MB)
    • memory/4060-112-0x00000000001A0000-0x0000000000200000-memory.dmp (Filesize: 384KB)
    • memory/4060-119-0x00000000001A0000-0x0000000000200000-memory.dmp (Filesize: 384KB)
    • memory/5032-100-0x0000000000910000-0x0000000000970000-memory.dmp (Filesize: 384KB)
    • memory/5032-101-0x0000000140000000-0x0000000140237000-memory.dmp (Filesize: 2.2MB)
    • memory/5032-247-0x0000000140000000-0x0000000140237000-memory.dmp (Filesize: 2.2MB)
    • memory/5032-108-0x0000000000910000-0x0000000000970000-memory.dmp (Filesize: 384KB)
    • memory/5104-426-0x0000000140000000-0x0000000140136000-memory.dmp (Filesize: 1.2MB)
